Handle CA review results

更新时间:
复制 MD 格式

This topic describes how to check the review status after submitting a certificate application and how to handle different review results.

Prerequisites

You have submitted a certificate application to a CA and completed domain ownership verification.

Check the review status

  1. Go to the Certificate Management Service console.

  2. In the left-side navigation pane, choose Certificate Management > SSL Certificate Management V2.0 or SSL Certificate Management (V1.0 - Discontinued).

  3. Based on the type of certificate you applied for, click the Commercial Certificates or Individual Test Certificate (Formerly Free Certificate) tab to view the status of the corresponding certificate.

Handle review results

Status: Validating Application

Review duration

Certificate type

Typical issuance time

Review timeout

DV (Domain Validated)

After you submit the certificate application, if all information is correctly filled in, the certificate is typically issued within 1 to 15 minutes.

If the certificate is not issued within 2 calendar days, the review automatically fails.

OV (Organization Validated) and EV (Extended Validation)

After you submit the certificate application, if all information is correctly filled in and you actively cooperate with the CA for verification, the certificate is typically issued within 5 calendar days.

If the certificate is not issued within 30 calendar days, the review automatically fails.

View the review progress

After you submit the certificate application, you can view the specific review progress in the Status column of the certificate. Click the Status tag icon, and then click View Progress in the prompt dialog box to view the current review progress of the certificate.

Cooperate with the CA to complete the review

The CA reviews DV, OV, and EV certificates differently. You need to perform different operations to cooperate with the CA to complete the qualification verification and ensure that the certificate is issued smoothly.

DV certificates

Wait for the CA to process your certificate application. The certificate is automatically issued after the application is approved.

OV and EV certificates

The CA contacts you within one business day (extended during holidays). Cooperate with any verification requests promptly to avoid delays.

If the information you provide is correct and you cooperate actively, OV and EV certificates are typically issued within five calendar days. If you do not receive a phone call or email within 5 business days, contact your account manager.

Phone

The CA staff contacts you by using the phone number in your company registration information (not the contact phone number you filled in the system) to verify the certificate application information. Keep your phone available to receive the verification call from the CA.

Email

The CA sends a domain verification email to the email address in your company registration information (not the contact email address you filled in the system). Check your email in a timely manner and follow the instructions in the email.GlobalSign verification email

The email content varies by certificate brand.

Status: Failed

View the reason for review failure

If the certificate application fails the verification, the certificate status changes to Failed. Move the pointer over Failed, and then click View Cause in the prompt dialog box to view the reason for the review failure in the panel.

Modify information and reapply

After the review fails, modify the application information based on the failure reason (especially the company qualification information) as soon as possible, and then resubmit the certificate application to avoid affecting your business.

Common reasons for review failure and solutions

The domain name contains sensitive words

If the domain name contains sensitive words restricted by the CA, the certificate review fails.

Perform the following steps:

  1. Replace or remove the sensitive words in the domain name. Common sensitive words include: live, bank, banc, fund, wallet, pay, lv, nuclear, pw, asia, ban.c, alpha, test, example, credit, apple, ebay, trust, root, amazon, android, visa, google, discover, financial, wordpress, pal, hp, lv, free, and SCP.

  2. Resubmit the certificate application after the modification.

Note

If the review still fails after multiple attempts, we recommend that you select another official certificate or change the primary domain name.

Domain verification is not completed or fails

After you apply for an SSL certificate, you must complete domain ownership verification to prove that you have control over the domain name.

Complete the domain verification in a timely manner. For more information about how to complete the verification, see Domain verification.

The company phone number is empty or incorrect (OV/EV)

When you apply for an OV or EV SSL certificate, the CA needs to contact the applicant by phone to complete identity verification.

Make sure that the company phone number you enter meets the following requirements:

  • The phone number cannot be empty.

  • The phone number format must be correct and comply with standards.

  • The phone number must be able to reach the applicant.

Company information verification fails (OV/EV)

When you apply for an OV or EV SSL certificate, the CA verifies the authenticity of the company information through public channels (such as business registration information platforms). If the verification result is inconsistent with the information you entered, the verification fails.

Verify and update your company information on a public platform to ensure that the company information you enter during the application is consistent with the query results from public channels.

The company information entered during the application is inconsistent with the domain-authenticated company (OV/EV)

The company information entered in the certificate application must be consistent with the company information registered for the domain name.

Perform the following steps:

  1. Go to your domain name registrar to confirm the company information registered for the domain name.

  2. Log on to the Certificate Management Service console. In Comprehensive Management > Company Profile Management, modify the company information. For more information, see Modify company information.

  3. Resubmit the application to the CA and select the correct company information in the application.

The CSR file has been used for another order

To ensure the security of certificate keys, each SSL certificate must use a unique key pair. A CSR file that has been used cannot be reused in a new order.

Generate a new CSR file and submit the order with the new CSR file.

The domain name format bound to the certificate is incorrect

The domain name format must meet the following requirements:

  • The domain name can contain only letters, digits, and hyphens (-).

  • The maximum length of the domain name cannot exceed 64 characters.

Check the domain name information in the CSR request file and the order. Make sure that a correctly formatted domain name is used, and then resubmit the order.

The Common Name field in the CSR is incorrect

When you create a CSR file, the Common Name field must be set to the primary domain name bound to the certificate.

Recreate and upload the CSR file. Make sure that the Common Name field is correctly filled in.

Note

To ensure the correctness of the CSR file content, we recommend that you use the system automatic CSR generation feature. When you use the automatic generation feature, you can also download the certificate in different formats after the certificate is issued.

Status: Issued

After the CA approves the application, the certificate status changes to Issued.

View the certificate validity period

In SSL Certificate Management V2.0, you can click Actions in the Details column of the target certificate. On the Details tab, view the expiration date of the certificate in Certificates.

In SSL Certificate Management (V1.0 - Discontinued), you can view the certificate expiration date in the Validity Period column of the target certificate.

View the domain names bound to the certificate

In SSL Certificate Management V2.0, you can click Actions in the Details column of the target certificate. On the Details tab, view the bound domain names in Certificates.

In SSL Certificate Management (V1.0 - Discontinued), you can view the bound domain names in the Bound Domains column of the target certificate.

Note

Some certificate brands may include complimentary domain names. If the displayed domain names include domain names other than the applied domain name, they are complimentary domain names. For more information about the complimentary domain name rules, see Purchase a commercial certificate.

Deploy the certificate

After the certificate is issued, see Select an SSL certificate deployment solution to choose the most suitable deployment solution.