Before any SSL certificate can be issued, it is required to complete a specific verification process to ensure that the certificate applicant is the real domain owner, and has relation to the applying company in case of OV and EV. This process usually consists of Domain Control Validation (for all certificates) and business validation (for OV and EV certificates only).

However, there is also an additional verification layer that each certificate application undergoes in the background of the main process. It is called Brand Validation. This is another security mechanism to avoid certificate issuance for malicious purposes.

The system scans the application for matches with specific keywords. The keywords are brand names, common IT terms, terms associated with high-transaction business sites and sites that have a <10.000 Alexa rank. Alexa is the system that evaluates websites in the Internet by their total traffic and the number of unique visitors, putting them into a specific ranking table.

For example, if someone activates a domain validated (DV) certificate for the windows.example.com domain, the windows keyword will trigger Brand Validation, and the order will be, most likely, rejected after Comodo's (now Sectigo) manual review. To avoid this, it is recommended to choose an OV or an EV certificate and to prove one's relation to the Microsoft brand by supplying corresponding documents during company validation.

How to understand that the certificate order was selected for additional Brand Validation.

To check the progress status, use the convenient SSL Validation Tool.