I completed DCV but the order is not issued (Brand validation)
Before any SSL certificate can be issued, it is required to complete a specific verification process to ensure that the certificate applicant is the real domain owner (and has relation to the applying company (in case of OV and
EV)). This process usually consists of Domain Control Validation (for all certificates) and business validation (for OV and EV certificates only).
However, there is also an additional verification layer that each certificate application undergoes in the background of the main process. It is called Brand Validation. This is another security mechanism to avoid certificate issuance for malicious purposes.
The system scans the application for matches with specific keywords. The keywords are brand names, common IT terms, terms associated with high-transaction business sites and sites that have a <10.000 Alexa rank (Alexa is the system that evaluates websites in the Internet by their total traffic and unique visitors’ number, putting them into a specific ranking table).
For example, if someone activates a domain validated (DV) certificate for the windows.example.com domain, the windows keyword will trigger Brand Validation, and the order will be, most likely, rejected after Comodo's (now Sectigo) manual review. To avoid this, it is recommended to choose an OV or an EV certificate and to prove one's relation to the Microsoft brand by supplying corresponding documents during company validation.
How to understand that the certificate order was selected for additional Brand Validation.
If you are using the Email DCV method, normally, you’ll receive the following notification after entering the validation code on Comodo’s (now Sectigo) side:
However, if Brand Validation was triggered, you will receive the following notification after entering the code:
Comodo (now Sectigo) usually performs a manual review of these orders within 1 business day.
Unfortunately, there is no way to tell for sure whether your certificate was selected for Brand Validation if you use HTTP or DNS DCV methods. We recommend contacting our support team in such cases for expedited assistance.