Can you send my SSL approval email to another email address

Website Security

An almost weekly question we get from clients when approving new or renewal SSL certificates is “Can you send my SSL approval email to this other email address?” rather than one of the five “authoritative” email accounts they are asked to choose from. The request will typically be “Can you just send it to my Gmail/Hotmail/other domain email address”. Unfortunately this isn’t possible as we’ll explain below.

But first, let’s look at the two primary types of SSL certificates, “Domain Validated” certificates, and “Extended Validation” certificates.

Most lower cost SSL certificates are “Domain Validated” certificates. Issuing these certificates rely on the recipient proving ownership of the domain they are requesting the certificate for.

In comparison, “EV” certificates, or Extended Validation certificates rely on additional business documentation being provided to the issuer. This to verify that the recipient of the certificate is not only the owner of that domain, but the business name shown by the browser is accurate. EV certificates typically show the business name in the browser window like below.

Extended Validation certificate for PayPal in Google Chrome

In order to validate a domain validated certificate, the certificate issuer (Sectigo in our case) requires an approval email to be sent to an “authoritative” email account on the domain being covered by the certificate. The logic is that if the person requesting the certificate has access to one of these five email accounts, they are considered as having authority to approve the issuance of the certificate for that domain.

The five email accounts you can use for validation of your certificate for the example domain “demo.com” would be

  • admin@demo.com
  • administrator@demo.com
  • hostmaster@demo.com
  • webmaster@demo.com
  • postmaster@demo.com

You do not need to have a full email account setup for this purpose. Most email services allow you to add alias email addresses to existing email accounts. You would just need ask whomever manages your email server to add one of these aliases to one of your accounts.

When the certificate order is processed, Sectigo will send an approval email to the selected contact. You can then click on the approval link in the email, enter the validation code, and approve the generation of the certificate.

Facebook
Twitter
LinkedIn