Before any SSL certificate can be issued, the applicant must complete a verification process that confirms they are the real domain owner and, for OV and EV certificates, that they are related to the applying company. This process usually consists of Domain Control Validation (for all certificates) and business validation (for OV and EV certificates only).
However, there is also an additional verification layer that each certificate application undergoes in the background of the main process. It is called Brand Validation. This is another security mechanism to avoid certificate issuance for malicious purposes.
The system scans the application for matches with specific keywords. The keywords are brand names, common IT terms, terms associated with high-transaction business sites, and sites that have a <10.000 Alexa rank (Alexa is a system that evaluates websites on the Internet by their total traffic and number of unique visitors and places them in a ranking table).
For example, if someone activates the certificate for the windows.example.com domain, the “windows” keyword will trigger Brand Validation, and the order will most likely be rejected after Comodo's (now Sectigo) manual review. To avoid this, the applicant will need to send an official notification to firstname.lastname@example.org on behalf of Microsoft (which owns the “Windows” brand) to inform Comodo (now Sectigo) about the incoming application. Otherwise, it will be necessary to enroll for an OV certificate.
How to tell whether a certificate order was selected for additional Brand Validation
If you are using the Email DCV method, normally, you’ll receive the following notification after entering the validation code on Comodo’s (now Sectigo) side:
However, if Brand Validation was triggered, you will receive the following notification after entering the code:
Comodo (now Sectigo) usually performs a manual review of these orders within 1 business day.
Unfortunately, there is no way to tell for sure whether your certificate was selected for Brand Validation if you use HTTP or DNS DCV methods. We recommend contacting our support team in such cases for expedited assistance.