Domain-validated certificate

src: 4.bp.blogspot.com

A domain-validated certificate (DV) is an X.509 digital certificate typically used for Transport Layer Security (TLS) where the domain name of the applicant has been validated by proving some control over a DNS domain.

Video Domain-validated certificate

Issuing criteria

The sole criterion for a domain-validated certificate is proof of control over whois records, DNS records file, email or web hosting account of a domain. Typically control over a domain is determined using one of the following:

• Response to email sent to the email contact in the domain's whois details
• Response to email sent to a well-known administrative contact in the domain, e.g. (admin@, postmaster@, etc.)
• Publishing a DNS TXT record
• Publishing a nonce provided by an automated certificate issuing system

A domain-validated certificate is distinct from an Extended Validation Certificate in that this is the only requirement for issuing the certificate. In particular, domain-validated certificates do not assure that any particular legal entity is connected to the certificate, even if the domain name may imply a particular legal entity controls the domain.

Maps Domain-validated certificate

User interface

Most web browsers may show a lock (often in grey, rather than the green lock typically used for an Extended Validation Certificate) and a DNS domain name. A legal entity is never displayed, as domain-validated certificates do not include a legal entity in their subject.

• Mozilla Firefox historically showed domain validated certificates with a grey lock, but was modified to show a green lock for DV connections after Mozilla launched Let's Encrypt (which only provides domain-validated certificates).
• Safari shows domain-validated certificates with a grey lock.
• Microsoft Edge displays domain-validated certificates with a hollow grey lock.
• Chrome and Chromium display a green lock.

src: cdn.slidesharecdn.com

Characteristics

As the low assurance requirements allow domain-validated certificates to be issued quickly without requiring human intervention, domain-validated certificates have a number of unique characteristics:

• Domain-validated certificates are used in automated X.509 certificate issuing systems.
• Domain-validated certificates are often cheap or free.
• Domain-validated certificates can be generated and validated without any documentation.
• Most of domain validated certificates can be issued instantly.

src: namecheap.simplekb.com

References

Source of article : Wikipedia