SSL Certificate Validation Frequently Asked Questions
Q. Why do you validate my SSL application?
A. To ensure that our products are both secure and trusted we carry out a two step validation process, which we believe is essential to give our customers, and theirs, confidence in the trustworthiness of their website. A weakly validated certificate risks losing the trust of consumers who rely on such certificates to ensure their personal details are secure. For further information on validation go to: /ssl-certificate-support/guides/docs/ssl_validation_white_paper_v1.03.pdf
Q. I only want a trial certificate, why do you validate those applications?
A. Your trial certificate is a fully-functional SSL Certificate, with exactly the same browser ubiquity and encryption as our other certificates. This is so that you can fully-test your systems prior to roll-out. As such, the trial certificate must be validated to the same standard as other certificates in our range. This validation process is utilised for every application put to us, whether the applicant is an individual or a multi-national conglomerate.
Q. We've already been validated by another Certification Authority; do we still have to be validated by Comodo?
A. Yes, we will need to validate you ourselves as our criteria for issuing SSL certificates are often more stringent than those of other Certification Authorities.
Q. What documentation do I need to send to you?
A. We accept many forms of documentation, from many countries. To find out what documentation we accept for your country of business go to: /ssl-certificate-support/validation_guidelines_table.html
Q. How do I send you my documentation?
A. We are happy to accept documentation via email, fax or post:
Email: email@example.com (Accepted formats: .gif, .jpg, .bmp, .pdf, .efx, .tif.)
Fax #: +1 866 831 5837 (US and Canada), +44 161 877 1767 (UK and Europe)
Post: Comodo Group, 3rd Floor, Office Village, Exchange Quay, Trafford Road, Salford, Greater Manchester, M5 3EQ, United Kingdom.
Q. Are my documents secure?
A. We take the issue of confidentiality very seriously. All documentation received is kept securely; hard (paper) copies are filed in a secure cabinet and electronic copies are stored on a secure server. Both the secure cabinet and server have restricted access policies in place, which prevents any unauthorised personnel from having access to your documentation.
Q. How long do you keep my documentation?
A. We keep all provided documentation for 7 years as per our CPS (http://www.comodo.com/repository/09_22_2006_Certification_Practice_Statement_v.3.0.pdf). After 7 years all stored documentation is destroyed. Paper documentation is shredded and recycled and electronic documentation, which is regularly archived to CD-Rom, is also shredded.
Q. I have ordered a certificate from you before. Do I need to send my documentation again?
A.If you have ordered an Organization Validated SSL certificate (e.g. InstantSSL, PremiumSSL) within the past 27 months and are renewing or purchasing another certificate for the same organization then we can use the details we have on record and you do not need to re-send your documentation unless you have changed your account details. If your purchase was longer than 27 months ago then yes, you will have to resend documentation.
If you have ordered an Extended Validated SSL certificate (e.g. Comodo EV SSL) within the past 13 months and are renewing or purchasing another certificate for the same organization then we can use the details we have on record and you do not need to re-send your documentation unless you have changed your account details. If your purchase was longer than 13 months ago then yes, you will have to resend documentation.
If we do not already have your organization's details on record (for example, because you previously ordered a Domain Validated SSL certificate (e.g. Essential SSL) and wish to upgrade to an OV or EV certificate then you will have to send us validation documentation.
If we have any queries, we will contact you via the administrators email address on the account and request documentation if required. If you order subsequent certificates without using your existing account, we will require and request documentation from you.
Q. My domain is registered with, and the WhoIs shows the registrant as, Domains by Proxy. Will this prevent you validating and issuing my certificate?
A. If you are able to provide documentation from Domains by Proxy to show that you are the actual registrant, we are able to validate and issue your certificate. If you are not able to provide such documentation, as the registrant is "officially" Domains by Proxy, we are not able to validate and issue your certificate.
Q. How long will it take to issue my certificate?
If we already have a record of your company and domain name(s) in the IdAuthority, the largest company directory on the web, we will be able to expedite your SSL application. In most cases, this means that validation of your application and issuance of your SSL Certificate may only take a few minutes.
A. If we do not already hold sufficient information on your company and domain name(s), or your application data does not completely match the IdAuthority entry for your website, we may require additional information. In this instance you should allow up to 2 days for us to validate your application.