In the order, the customer can choose the type of authentication with which the Certification Authority will authenticate the applicant for an SSL certificate.
There are 3 methods:
E-MAIL – this type requires confirmation of validation by the applicant via a link sent in an email message. The validation message can be sent to the following email accounts:
Validation messages are sent directly by the CA, depending on the specific type of SSL certificate.
Example below:
RapidSSL from no-reply@rapidssl.com
QuickSSL Premium from no-reply@geotrust.com
DNS – the DNS server administrator performs this validation of the applicant. The CA generates a unique string that is inserted into the DNS as a TXT record or as a CNAME. Once the DNS content is resolved, the CA checks the record and, if it is OK, issues an SSL certificate to the domain.
Note: In the case of ordering an SSL certificate without installation and choosing the validation method via DNS, a message with the required TXT string will be sent to the customer´s contact e-mail.
FILE – another alternative, through which the CA authenticates the domain using a TXT file. A publicly available file contains a text string (token) that must be uploaded to a specific website directory. The CA verifies its existence and thus also validates that the applicant has access to and the right to use the domain.
Note: This validation is not available for SSL certificates of the WildCard and SAN types, as well as for all variants of SSL certificates from CA Actalis.