We've created this section to explain the domain control validation (DCV) process to our customers and how they can complete it.
Domain Control Validation is an industry-standard directive that requires all CAs (Certificate Authorities) to validate a certificate requester's control over a domain before they can issue a certificate for that domain.
Before we jump to the DCV process, let's understand what validation is.
Validation is the process by which a CA verifies a certificate requester's information prior to the issuance of a certificate. Currently, there are 3 levels of validation followed by Certificate Authorities: Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV).
Prior to issuance of any SSL certificate, the domain name must pass DCV. The issuing CA confirms that the certificate requester has control over the domain for which the certificate enrollment is being made.
The certificate applicant can complete DCV using any one of three supported methods: Email, HTTP/HTTPS or CNAME. Let's learn more about each DCV method below.
To successfully pass validation for a DV certificate, all you need to do is prove that you own the domain that you submitted for the order.
This is the most preferred method for domain control validation. When using email-based authentication, the CA will send an email to an administrative contact for your domain. This email contains a unique validation code and a link. The applicant needs to open the link and paste the provided validation code. Doing so proves control of the domain.
The list of acceptable email addresses for any given domain are:
If you are not able to finish the validation process via email, you can use either HTTP/HTTPS DCV or CNAME DCV.
In this method, the CA will provide you with a text (.txt) file containing a unique code. You're required to upload this file to the /.well-known/pki-validation/ folder of the domain undergoing DCV. To complete the domain verification, the issuing CA's system verifies the presence and content of this file via HTTP or HTTPS.
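A pre-submission self-check for the HTTP/HTTPS method above, added here as an example and not the CA's own code: it fetches the file from /.well-known/pki-validation/ and compares it byte-for-byte with the copy the CA supplied. The file name, code value and local test server are constructed for the demo, and treating a redirect as a failure is a conservative choice of this example.

```python
import functools, http.server, tempfile, threading
import urllib.error, urllib.request
from pathlib import Path

WELL_KNOWN = "/.well-known/pki-validation/"  # folder named on this page

class NoRedirect(urllib.request.HTTPRedirectHandler):
    # Conservative choice of this example: any redirect counts as a failure.
    def redirect_request(self, *args, **kwargs):
        return None

def check_dcv_file(base_url, file_name, expected, timeout=5):
    """Fetch the validation file and compare it with the CA-supplied bytes."""
    url = base_url.rstrip("/") + WELL_KNOWN + file_name
    # Empty ProxyHandler: connect directly, ignoring proxy environment variables.
    opener = urllib.request.build_opener(NoRedirect, urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(64 * 1024)  # cap the read; the file is tiny
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code}"
    except OSError as exc:  # DNS failure, refused connection, timeout
        return False, f"unreachable: {exc}"
    if body != expected:
        return False, "content mismatch"  # e.g. an HTML error page sent with 200
    return True, "ok"

def demo():
    """Serve a constructed validation file on localhost and run three checks."""
    with tempfile.TemporaryDirectory() as root:
        folder = Path(root + WELL_KNOWN)
        folder.mkdir(parents=True)
        (folder / "EXAMPLE.txt").write_bytes(b"constructed-code-123\n")
        handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=root)
        srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{srv.server_address[1]}"
        try:
            return {
                "match": check_dcv_file(base, "EXAMPLE.txt", b"constructed-code-123\n"),
                "wrong": check_dcv_file(base, "EXAMPLE.txt", b"other-code\n"),
                "missing": check_dcv_file(base, "ABSENT.txt", b"constructed-code-123\n"),
            }
        finally:
            srv.shutdown()
            srv.server_close()

if __name__ == "__main__":
    print(demo())
```

Against a real site, call `check_dcv_file` with your own domain's base URL and the exact bytes of the file the CA sent you.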
The third method for domain control validation is the DNS CNAME record method. With this method, the CA will supply you with two specific hash values, one computed using the MD5 algorithm and the other using SHA-1. You must create a CNAME record in your domain's DNS settings. Once done, the CA's automated system will check for the presence of the two provided hashes in your domain's DNS records.
We always welcome feedback or comments from our customers and site visitors. Please contact us if your questions or doubts are not covered here.