How does the CA Verify Domain Registrant Information?
When performing the verification process, the CA verifies that the entity or individual requesting the certificate controls the domain in the request by sending an e-mail message to the domain’s authorization contact i.e., administrative or registrant contact prompting the recipient to approve the certificate request. If contact information is not provided by Whois or does not match, the customer may instead request a Domain Authorization Letter from his/her Registrar and subsequently submit the letter to the CA. If the administrative/registrant contact fails to approve the certificate request, the request is denied. This authentication process ensures that only the individual who has control of the domain in the request can obtain a certificate for that domain. No individual or entity can obtain a certificate for a domain whose registration it does not control.
