In the order, the customer can choose the type of authentication with which the Certification Authority will authenticate the applicant for an SSL certificate.
Warning: After completing and paying for the order, the validation type cannot be changed, so you need to be careful about which verification method you choose. Especially for the Email method, you need to select an email address that actually exists and in which the applicant is able to receive and confirm the validation message.
Please note that if you have an email address on your own domain on Google Workspace (formerly G Suite), you cannot create any of the email addresses listed below! In this case, the DNS validation method is offered (or FILE, if the selected SSL certificate allows this verification method).
The validation methods:
E-MAIL – this type requires confirmation of validation by the applicant via a link sent in an email message. The validation message can be sent to the following email accounts:
Validation messages are sent directly by the CA, depending on the specific type of SSL certificate.
Example below:
RapidSSL from no-reply@rapidssl.com
QuickSSL Premium from no-reply@geotrust.com
Note: This validation is not available for SSL certificates SAN type from CA Actalis.
DNS – the DNS server administrator performs this validation of the applicant. The CA generates a unique string that is inserted into the DNS as a TXT record or as a CNAME. Once the DNS content is resolved, the CA checks the record and, if it is OK, issues an SSL certificate to the domain.
Note: In the case of ordering an SSL certificate without installation and choosing the validation method via DNS, a message with the required TXT string will be sent to the customer´s contact e-mail.
FILE – another alternative, through which the CA authenticates the domain using a TXT file. A publicly available file contains a text string (token) that must be uploaded to a specific website directory. The CA verifies its existence and thus also validates that the applicant has access to and the right to use the domain.
Note: This validation is not available for SSL certificates of the WildCard and SAN types, as well as for all variants of SSL certificates from CA Actalis.