Pre-validation checks

Openprovider has released pre-validation checks on OV and EV SSL for Dutch customers
That is used for certificates containing .nl domains and for new gTLDs.

We found that some orders have validation problems due to incorrect details of the company requesting the certificate. It increases the time period between request sent and issuance. SSL Panel solves this problem, because of using pre-validation for orders made for NL domains.
You are able to see real-time if the given information is correct or whether information needs to be corrected.

1. How does that work?
2. What can I do?
3. Where can I find the status of my order?
4. Validation error: company details do not match kvk
5. Validation error: Telephone number can't be found on a public source
6. Validation error: Company name incorrect in domain registration details
7. Validation error: Company not found
8. Validation error: Domain does not exist

How does that work?

When you place an order our system is going to check if the company requesting the certificate appears in the 1. Chamber of commerce and if their telephone number appears in a public source (detelefoongids.nl, kvk, etc).
2. In case our system finds problems to validate the company it will send an email with the problems.
3. The email is sent to the email address of the administrative contact of your account.

What can I do?

If a certificate is requested with the correct details and the company can be found you don't have to do anything.

If a certificate is requested with wrong data then you can log into our new SSL panel and change it to solve the validation issues.

Usually, the validation issues are related to the company name, company address or because the CA (Certificate Authority) can't validate the telephone number of the company.

SSL Panel tells you the options to solve these validation issues and you can update the order to make sure that the CA is going to be able to validate the company successfully.

Where can I find the status of my order?

It could be found in SSL Panel in the "Status" block. Here is an example of failed pre-validation.

Click "Company validation" or "Phone number validation" to see more details regarding incorrect data.

Examples of validation errors

1. Company details on the order do not match with the information from the kvk

A certificate is requested in the name of a company. One step of the validation is to see if the company that the certificate has been requested on exists.

For example, we request a certificate for our company website openprovider.nl. We need to put Hosting Concepts B.V. as the company in the order.

During the prevalidation, our system will check in the public company registration databases to see if the company exists and what details it has. It will then be compared to the data as it is given in the order.

This check most commonly fails because a mistake was made in the name of the company, or a trading name was submitted instead of the real company name.

For example, we request a certificate for openprovider.nl and submit the company name 'Openprovider' in the order. This will fail, as 'Openprovider' is the trade name of Hosting Concepts B.V.. In this case, I need to update the order with the correct company name.

To correct problems with this step of the validation you will first need to check if the assumption that the company name is as you put it in your order is correct. Check the business registration database and search for the company name.

Sometimes the company name is not unique and our system will find multiple entries of the same company. In such cases, you need to insert a business registration number in the contact handle of the order. This will point our system to the exact entry in the registration database and match that data.

The next step is to click 'Edit certificate' in the SSL panel and insert a new CSR that contains the correct company name. Once you submit the order our system will check all data again and validate your order.

The panel tells you what the problem is and it gives you a link to our KB where you can find more information about what to do.
Click on 'Show in kvk.nl ' to see what the differences are.

As been said before if the address is not correct on the order to go to your Openprovider account, click on 'customer management' and change the address of the handle or create a new contact. Then go back to your order in the SSL Panel and click on 'Edit certificate' (update the handle if needed) and then click on 'request'.

If the company name is not correct you will have to create a new customer in the Openprovider panel and then update it in the SSL panel.

If the company name or the address is not correct on the kvk-details then please contact the kvk to update the information.

You can also generate a report in PDF and download it for more comfortable usage.

If you are 100% sure details you've entered are correct then you can use "Force request" to sent data directly to CA for the next validation.

2. Telephone number can't be found on a public source

The CA and our system check the following public sources:

To complete the validation of a certificate the certificate authority will give a call to the company that the certificate is being requested for.

During the call they will pose a very simple question; Did you request this certificate to be ordered?

The call can only be made to a phone number that is listed in a public source. Our system will check in the public sources to ensure the company as submitted in the order is listed. If it is not listed, this validation fails.

Usually, the cause of this validation to fail is that the public databases do not contain a phone number for the given company.

To correct this simply update the public source to contain a phone number. Once this is done, click 'Edit certificate' and submit your order again. Our system will then go through all the necessary checks again and validate your order.

If the company's telephone number appears in another 'accepted source' then please click on the button 'force request' and the order will be sent to the CA.

If all validation issues are solved you will see that the certificate status will be changed from 'Open' to 'requested'. We have sent your order successfully to the CA.

If not all problems can be solved but you are sure that the certificate can be validated with the current data then please click on the button 'force request' and it will be sent to the CA anyway.

3. Company name incorrect in domain registration details

A certificate is requested in the name of a company. One step of the validation is to see if the domain name(s) that the certificate has been requested for are registered to the company as it was submitted in the order.

For example, openprovider.nl is registered to the company Hosting Concepts B.V.. Openprovider is a trading name of Hosting Concepts B.V..

When we request a certificate we place the order in name of Hosting Concepts B.V., only the real company name will be accepted by the certificate authorities. If we place the certificate request in name of Openprovider the validation will fail, the certificate authorities will not give out a certificate to us unless we place the order for Hosting Concepts B.V.

When the validation checks openprovider.nl it will see that the domain is registered to Hosting Concepts B.V.. It will succeed.

If we had registered the domain to Openprovider this part of the validation would fail. To correct this we will need to update the domain registration to have the real company name at the registry.

Once you have updated the domain name at the registry, click 'Edit certificate' in the SSL panel and request the order again. This will trigger the validation again to see if the data is now correct.

4. Company not found

A certificate is requested in the name of a company. One step of the validation is to see if the company that the certificate has been requested on exists.

For example, we request a certificate for our company website openprovider.nl. We need to put Hosting Concepts B.V. as the company in the order.

This check most commonly fails because a mistake was made in the name of the company, or a trading name was submitted instead of the real company name.

It will also help if you insert a business registration number in the contact handle of the order. This will point our system to the exact entry in the registration database and match that data.

Currently, we check the following databases automatically during prevalidation:

Dutch companies: KVK

5. Domain does not exist

A certificate is requested for a domain name. For example, we requested our certificate for www.openprovider.nl.

The first check our system will do is to see if the domain name that you requested your certificate for exists. If it does exist, our system can check if the owner matches the owner as you have submitted it in your order.

Usually, this validation step goes wrong when an error was made in the CSR of the order, a mistake in the domain name.

To correct the domain name that was submitted in the order, click 'Edit Certificate' and insert a new CSR that contains the correct domain names.

You can always use our CSR generator to generate a new CSR, click here to go directly to it.

Table of contents: