How does a SSL Certificate Authority know that you own the domain?

Question

What is stopping one from getting a signed SSL certificate to a domain he/she does not own?

I.e. What checks are made to make sure one cannot simply buy a new certificate for google.com and go about doing evil...

Surely the whole point of giving (a ridiculous sum of) money to a CA is so that people are without doubt that the server they are connecting to is the correct one. No?

Thanks.

score 3 · Accepted Answer · answered Jan 31 '13 at 16:53

3

It is up to the CA to ensure that the person applying for a certificate own the domain.

One method that is often being used for cheap SSL certificates is whois lookup

But methods can vary from CA to CA and the level of trust the certificate gives.

answered Jan 31 '13 at 16:53

Stefan Rasmusson

5,445
3
21
48

Another method they use is to email the owner of record as recorded in the DNS and ask for confirmation. – user207421 Feb 01 '13 at 00:09

How does a SSL Certificate Authority know that you own the domain?

1 Answers1