Once the CSR file has been created, it will be sent with to the Certificate Authority during the Secure SSL Certificate enrollment process. Additional details such as the type of SSL certificate, validity period, contact information, and payment information will be requested. Some Certificate Authorities will request a phone number for verification during the enrollment process. An authorization code may be emailed to the email account used to purchase the SSL Certificate. The Certificate Authority will call the phone number used and request the authorization number that was emailed to the account.
The Certificate Authority may also have a process for domain control validation, which is used to verify that the request being made to use the domain is a valid request issued by the owner of the domain. This authentication process will vary by Certificate Authority, however the process may include sending an email to the domain administrator. The Certificate Authority may ask you to select from a list of common administrative emails using your domain. For example, the list may include firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, and so on.
The Certificate Authority will sign the key and provide a new certificate file, generally through email. This process may take a few days, depending on the domain validation and the Certificate Authority may request additional information about your organization such as business registration documentation, articles of incorporation, business license, and so on. Some SSL certificates, such as Extended Validation (EV) SSL certificates may require additional information and time to be processed.