A domain validated certificate (DV) is an X.509 public key certificate typically used for Transport Layer Security (TLS) where the domain name of the applicant is validated by proving some control over a DNS domain. Domain validated certificates were first distributed by GeoTrust in 2002 before becoming a widely accepted method.
Issuing criteria
The sole criterion for a domain validated certificate is proof of control over the whois records, DNS records file, email or web hosting account of a domain. Typically, control over a domain is determined using one of the following:
* Response to email sent to the email contact in the domain's whois details
* Response to email sent to a well-known administrative contact in the domain, e.g. (admin@, postmaster@, etc.)
* Publishing a DNS TXT record
* Publishing a nonce provided by an automated certificate issuing system
A domain validated certificate is distinct from an Extended Validation Certificate in that this is the only requirement for issuing the certificate.
In particular, domain validated certificates do not assure that any particular legal entity is connected to the certificate, even if the domain name may imply a particular legal entity controls the domain.
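The nonce-publishing check from the list above, sketched from the issuer's side as an added example (not from the original article or any certificate authority's code). The `_dv-challenge` label, the 10-minute lifetime, the class and function names, and the in-memory zone standing in for DNS are all assumptions.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 600  # seconds a nonce stays valid (assumed value)
LABEL = "_dv-challenge"  # hypothetical record label, not a standard name


class DomainValidator:  # issuer side of a nonce-based domain control check
    def __init__(self, resolve_txt, clock=time.time):
        self._resolve_txt = resolve_txt  # callable: name -> list of TXT strings
        self._clock = clock
        self._pending = {}  # (account, domain) -> (nonce, expiry)

    @staticmethod
    def _norm(domain):
        return domain.lower().rstrip(".")

    def issue_challenge(self, account, domain):
        """Return (record name, nonce) the applicant must publish."""
        domain = self._norm(domain)
        nonce = secrets.token_urlsafe(32)  # unpredictable, so it cannot be pre-published
        self._pending[(account, domain)] = (nonce, self._clock() + CHALLENGE_TTL)
        return f"{LABEL}.{domain}", nonce

    def verify(self, account, domain):
        """True only if this account's unexpired nonce is in the domain's TXT data."""
        domain = self._norm(domain)
        entry = self._pending.pop((account, domain), None)  # single use
        if entry is None:
            return False
        nonce, expiry = entry
        if self._clock() > expiry:
            return False
        records = self._resolve_txt(f"{LABEL}.{domain}")
        return any(hmac.compare_digest(r.encode(), nonce.encode()) for r in records)


def demo():
    zone = {}  # constructed stand-in for public DNS: name -> TXT values
    ca = DomainValidator(lambda name: zone.get(name, []))
    ca.issue_challenge("acct-1", "example.com")
    unpublished = ca.verify("acct-1", "example.com")  # nothing in DNS yet
    name, nonce = ca.issue_challenge("acct-1", "Example.COM.")
    zone[name] = [nonce]  # applicant edits the zone: the only thing proven
    published = ca.verify("acct-1", "example.com")
    replayed = ca.verify("acct-1", "example.com")  # challenge already consumed
    return unpublished, published, replayed
```

The check succeeds for whoever can write to the domain's zone, which is why it says nothing about the legal entity behind the name.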
User interface
As of 2020, all major browsers' user interfaces display EV, OV, and DV certificates identically, but provide options to query the type of certificate via multiple clicks.
Characteristics
As the low assurance requirements allow domain validated certificates to be issued quickly without requiring human intervention, domain validated certificates have a number of unique characteristics:
* Domain validated certificates are used in automated X.509 certificate issuing systems, such as Let's Encrypt.
* Domain validated certificates are often cheap or free.
* Domain validated certificates can be generated and validated without any documentation.
* Most domain validated certificates can be issued instantly (in less than a minute) via special tools which automate the issuing process.
See also
* Let's Encrypt