Before issuing an SSL certificate, the Certification Authority (CA) verifies that the person making the request is authorized to use the domain for which the certificate is being requested. The CA sends an e-mail message to the domain administrator (the administrative or registrant contact, as listed in the Whois database) to validate domain control. If there is no contact information in the Whois database or the information is no longer valid, the customer may instead request a Domain Authorization Letter from his/her registrar and submit that letter to the CA as proof of domain control.
If the administrative/registrant contact fails to approve the certificate request, the request is denied.
This authentication process ensures that only an individual who has control of the domain in the request can obtain a certificate for that domain.