What is stopping one from getting a signed SSL certificate for a domain he/she does not own?

I.e., what checks are made to make sure one cannot simply buy a new certificate for google.com and go about doing evil...

Surely the whole point of giving (a ridiculous sum of) money to a CA is so that people are without doubt that the server they are connecting to is the correct one. No?

Thanks.


Solution

It is up to the CA to ensure that the person applying for a certificate owns the domain.

One method that is often used for cheap SSL certificates is a whois lookup.

But methods can vary from CA to CA and with the level of trust the certificate gives.
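One way a whois-based ownership check could work on the CA side, as an added example that is not part of the original answer: the applicant may only nominate an approver address that already appears as a domain contact in WHOIS, and must return a one-time token sent to that mailbox. `DomainValidator`, `whois_contacts`, the WHOIS field labels and the `example.test` record are assumptions made for illustration; real WHOIS output differs between registries.

```python
import hmac, re, secrets, time

# Constructed WHOIS response for a placeholder domain (not real registry data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.TEST
Registrant Email: owner@example.test
Admin Email: admin@example.test
Tech Email: Please query the RDDS service of the registrar
Registrar Abuse Contact Email: abuse@registrar.test
"""

# Only these roles speak for the domain holder; registrar abuse contacts do not.
CONTACT_ROLES = ("registrant", "admin", "tech")
EMAIL_LINE = re.compile(r"^[ \t]*(\w+) Email:[ \t]*(\S+@\S+)[ \t]*$", re.I | re.M)

def whois_contacts(whois_text):
    """Return the lower-cased e-mail addresses listed for domain contacts."""
    return {addr.lower() for role, addr in EMAIL_LINE.findall(whois_text)
            if role.lower() in CONTACT_ROLES}

class DomainValidator:
    """Hypothetical CA-side check: prove control of a WHOIS contact mailbox."""
    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self.pending = {}  # (domain, email) -> (token, expiry timestamp)

    def start(self, domain, approver_email, whois_text, now=None):
        """Issue a one-time token only if the approver address is in WHOIS."""
        email = approver_email.lower()
        if email not in whois_contacts(whois_text):
            return None  # applicant-chosen address is not a domain contact
        token = secrets.token_urlsafe(32)
        issued = time.time() if now is None else now
        self.pending[(domain.lower(), email)] = (token, issued + self.ttl)
        return token  # would be e-mailed to the contact, never shown to the applicant

    def confirm(self, domain, approver_email, token, now=None):
        """Accept the token once, before expiry, using a constant-time compare."""
        now = time.time() if now is None else now
        entry = self.pending.pop((domain.lower(), approver_email.lower()), None)
        if entry is None:
            return False
        expected, expiry = entry
        return now <= expiry and hmac.compare_digest(expected.encode(), token.encode())
```

The refusal in `start` is the part that answers the question: an applicant who cannot read mail at an address the registry lists for the domain never receives a token to return.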

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow