Organization Validated (OV) Certificate Process

OV validation builds upon domain verification by adding organizational authentication requirements. The process begins identically to DV validation, confirming domain control through one of the standard methods. However, this is merely the first step in a more comprehensive process that verifies the legal existence and operational status of the organization requesting the certificate. This additional scrutiny provides users with confidence that a legitimate business entity operates the website.

Legal existence verification forms the core of OV validation. Certificate Authorities must confirm that the organization legally exists as a registered business entity. This typically involves checking government databases, business registrations, or incorporation documents. For corporations, this might mean verifying articles of incorporation with state databases. For partnerships or sole proprietorships, business licenses or DBA (Doing Business As) registrations provide verification. The CA must match the exact legal name, as variations or trade names can cause validation failures.

Physical address verification ensures the organization maintains a real presence at the stated location. CAs verify addresses through various means including government records, third-party business databases like Dun & Bradstreet, utility bills, or bank statements. Some CAs may use online mapping services to confirm addresses exist and appear legitimate for business operations. Virtual offices or mail forwarding services may require additional documentation to prove legitimate business use.

Telephone verification adds another layer of authentication. The CA must independently verify the organization's phone number through directories or public records—they cannot simply call numbers provided by the applicant. Once verified, they place a call to confirm the certificate request and the applicant's authority to request certificates. This call serves multiple purposes: verifying the phone is operational, confirming organizational awareness of the request, and providing opportunity for additional verification questions.