API

Validation

When a CA gets a request for a certificate and verifies your identity, it validates the certificate. There are four types of validation:

  • Domain Validation (DV): A lower level of validation. The CA validates that you have control of the domain. A typical CPS DV certificate expires in 90 days. The CA validates your authority over the domain by making automatic requests via HTTP, DNS or other methods to verify that domain is controlled by the requestor. When a domain has been CNAME'd to Akamai, Akamai can manage new requests and renewals automatically on your behalf.

  • Organization Validation (OV): A higher level of validation. The CA validates whether or not the company is valid, if it is registered, and if the business contact legitimately works at the company. An OV certificate generally expires in one year. Renewal of this type of certificate requires a manual reverification performed by the CA prior to issuing updated credentials.

  • Extended Validation (EV): The highest level of validation in which you must have signed letters and notaries sent to the CA before signing. Wildcard certificates cannot be EV certificates because an EV certificate requires you to be explicit about all the subject alternative names (SANs). An EV certificate generally expires in 13 months. Renewal of this type of certificate requires a manual reverification performed by the CA prior to issuing updated credentials.

  • Third Party Validation: This is used for third party certificates. The expiration date of third-party certificates varies, since these certificates are issued outside of CPS. The renewal of third party certificates is the responsibility of the customer. Akamai provides an updated CSR and the user must repeat the process of getting a signed certificate from their CA of their choice.

Advances in certificate validation require contact between the CAs and the organization for which the certificate is being requested. Depending on the validation mechanism and certificate authority, the process requires different levels of participation from the organization. The timeline for this process depends on many factors, including the number of domains and the responsiveness of the organization. While the process can take just a few days, it can extend to much longer periods. Customers should consider using Domain Validation for the most rapid provisioning.