SSL certificates are issued to one or more domain names. It's the job of the Certification Authority (CA) that eventually signs the cert to verity that the entity requesting a cert (you) has the right to use the domains in the cert. For example, if you want to buy a cert for, say, www.yahoo.com, you'd have to prove that you currently own and have control over the yahoo.com domain. This proof is called Domain Control Validation, or DCV.
DCV is proved by one of three methods:
In this article we discuss DCV by Approval Email.
You can prove domain ownership if you can receive an email from the CA (GeoTrust, Comodo, DigiCert) to any email address associated with your domain's WHOIS record (harder to do these days with GDRP in effect) or to one of five pre-approved generic email addresses. The generic emails are admin, administrator, hostmaster, webmaster and postmaster @YOUR-DOMAIN.COM (the domain in your certificate request, not your personal email). CAs are not permitted to send DCV emails to any other addresses (doing so could result in the CA being flagged and distrusted in popular browsers... they're not going to do it).
You can change and/or re-send the DCV email to one of the approved emails by logging in to your GeoCerts SSL Manager account and selecting Action > Change/Re-send. You can also contact us and we'd be happy to help you understand your DCV options.
You think you have one of the generic email boxes setup and ready to go, but do you really? Sometimes sending yourself a test email requires jumping through hoops. Don't do that.
A couple of tools to check your MX email server
It's perfectly fine to set up an email alias that forwards to your regular email address. For example, you can configure an email alias email@example.com to forward to firstname.lastname@example.org. As long as you can respond to the link in the DCV approval email from the CA it doesn't matter how it makes its way to you.
If DCV via challenge email won't work for you there are other approved options available. If you have management control over the DNS records for domain in the certificate request you can create a DNS TXT or CNAME record with a unique code to demonstrate and prove domain control. Just login to your GeoCerts account to make the change.
Learn more about these other DCV methods to prove domain control:
Please contact our support team if you have any additional problems or questions.