> For the complete documentation index, see [llms.txt](https://docs.certinext.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.certinext.io/documentation/certificate-lifecycle-management/ordering-a-certificate/as-a-customer/ordering-ov-public-trust-certificates.md). # Ordering OV Public Trust Certificates ## What Is an OV Certificate? An Organization Validation (OV) SSL/TLS certificate does two things simultaneously: it encrypts all data flowing between your web server and visitors' browsers, and it proves to those visitors that your organization has been independently verified by a trusted Certificate Authority (the CA). Unlike a basic Domain Validation (DV) certificate, which only checks that you control a domain name, OV certificates require the CA to confirm that your company or organization legally exists. This makes OV certificates the standard choice for corporate websites, customer portals, e-commerce stores, and any site where organizational identity matters. The issuance timeline is typically 1-5 business days because the CA must complete the organization verification step. Once your organization is validated and stored in the system, subsequent OV certificate orders for the same organization can be processed faster. ### The Four OV Product Variants - At a Glance CERTInext offers four variants of the OV certificate, each designed for a different hosting scenario: **OV SSL Certificate** Domains Included (base): 1 Extra SAN/Domain Cost: N/A Domain Format: domain.com Covers All Subdomains: No (only www if enabled) www Variant Option: Yes (checkbox) DCV Verifications: 1 Add/Remove SANs post-issuance: No Consent Confirmation Dialog: Not required **OV Wildcard SSL** Domains Included (base): 1 wildcard Extra SAN/Domain Cost: N/A Domain Format: \*.domain.com Covers All Subdomains: Yes - all subdomains www Variant Option: No (disabled) DCV Verifications: 1 Add/Remove SANs post-issuance: No Consent Confirmation Dialog: Required **OV UCC SSL** Domains Included (base): Up to 4 Extra SAN/Domain Cost: $84 per domain Domain Format: Multiple domains Covers All Subdomains: No - each listed separately www Variant Option: Yes (checkbox) DCV Verifications: One per domain Add/Remove SANs post-issuance: Yes Consent Confirmation Dialog: Required **OV Wildcard UCC SSL** Domains Included (base): Up to 4 wildcards Extra SAN/Domain Cost: $490 per domain Domain Format: Multiple \*.domain.com Covers All Subdomains: Yes - all subdomains per wildcard www Variant Option: No (disabled) DCV Verifications: One per domain Add/Remove SANs post-issuance: Yes Consent Confirmation Dialog: Required #### **Choosing the Right Product** **Use OV SSL Certificate** if you need to secure one specific domain (e.g., [www.example.com](http://www.example.com)). **Use OV Wildcard SSL** if you need to secure a domain and ALL its sub-domains (e.g., \*.example.com covers mail.example.com, shop.example.com, etc.). **Use OV UCC SSL** if you need to secure several different domain names under one certificate (e.g., example.com + example.net + another-domain.com). **Use OV Wildcard UCC SSL** if you need to secure multiple wildcard domains under one certificate (e.g., \*.example.com + \*.example.net). ### Prerequisites - Before You Begin Have the following ready before starting an application: **CERTInext account**: Log in at your organization's CERTInext portal URL. Your administrator provides login credentials. **Certificate Signing Request (CSR)**: A CSR is a block of encrypted text generated on your web server. It contains your public key and basic organizational details. Generate it using your web server software (e.g., OpenSSL, IIS, cPanel) before starting the application. **Domain name(s) to secure:** Know the exact domain(s) you want the certificate to protect. For Wildcard, the format is \*.yourdomain.com. For UCC/Wildcard UCC, list all domains upfront. **Organization details**: Legal organization name, registered address, country, state/province, and locality - as they appear in official records. These must match what the CA verifies. **Organization representative info**: Full name and contact details (email, phone) of the person who will act as the certificate subscriber. **Account credit or payment method**: Sufficient account credit balance or a payment card for the Pay Online option. **Access to DNS provider (for DCV)**: After payment you must prove domain ownership via DNS. You (or your IT/domain administrator) will need to create a DNS TXT record at your domain's DNS provider. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.certinext.io/documentation/certificate-lifecycle-management/ordering-a-certificate/as-a-customer/ordering-ov-public-trust-certificates.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.