Standard SSL Certificates are issued by an Certificate Authority (CA) such as Thawte after the CA performs some basic standard validation on the identity of the certificate request to ensure that the certificate is not issued to “the wrong hands”.
The types of validation performed for standard SSL certificates vary by the type and cost of the certificate, but include:
- A confirmation email message sent to the domain administrator as specified in the domain’s entry in the WHOIS database
- A confirmation email message sent to a standard administrative email address at the domain itself, such as “firstname.lastname@example.org”.
- The name of the organization owning the domain name may be validated.
Read the rest of this post »