Domain Approval Methods | SSL/TLS

Solution ID : SO060619153011
Last Modified : 10/21/2023

Scenario 

Before DigiCert can issue your certificate, you must prove that you have control over the domains and any Subject Alternative Names (SANs) on your order. We refer to this process as the Domain Control Validation (DCV) process.

 

Solution

Acceptable Domain Approval Methods (each method is followed by its process):

Phone DCV

This method can only be used if the WHOIS information for the domain is NOT privacy-protected.

Both of these steps need to be completed:

  1. DigiCert must call the contact number listed for the Registrant, Administrative, or Technical contact in the WHOIS information for the pending domain.
  2. DigiCert must confirm the following information during the call: 
    1. The name and job title of the individual providing authorization
    2. The domain being authorized
    3. Whether the enrolling organization is authorized to obtain a certificate for the domain

Email DCV

This method is acceptable if DigiCert sends an authorization email to the registered owners of the public domain and receives a confirming response.

ONLY the following email addresses are acceptable to use for email DCV:

  1. Email address listed in the WHOIS Registrant, Administrative, or Technical contact information
  2. Any of the following pre-approved email aliases at the pending domain:

    • admin
    • administrator
    • hostmaster
    • postmaster
    • webmaster

File Authentication

This method is acceptable if you are able to make a file containing a random value available at a specific URL for the pending domain:

  1. DigiCert will provide you with the file name, location and random value
  2. Once the file is added, notify DigiCert to verify that the file was added correctly

DNS TXT

This method is acceptable if you are able to modify the domain's DNS Record to include a TXT record:

  1. DigiCert will provide you with the DNS TXT entry and random value
  2. Once the DNS TXT record has been updated, notify DigiCert to verify that the record was updated correctly

DNS TXT Email

This method is acceptable if you are able to modify the domain's DNS Record to include an email address:

  1. Place the DNS TXT record on the _validation-contactemail subdomain of the domain you want to validate
  2. The RDATA value of this TXT record must be a valid email address
  3. Once the DNS TXT record has been updated, notify DigiCert to verify that the record was updated correctly
  4. DigiCert will send a DCV email to the email address listed in the DNS TXT record.

CNAME Target

This method is acceptable if you are able to modify the DNS Record to include a CNAME record:

  1. DigiCert will provide you with the random value
  2. Once the random value has been added to the CNAME record, notify DigiCert to verify that the record was updated correctly

Note: This option is only available in CertCentral accounts.
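
As an added illustration (not DigiCert's code), the sketch below lists every address that could receive a DCV email for a domain under the Email DCV and DNS TXT Email methods above, and flags any that are not on a managed-mailbox list. The function names, the simplified email check and the sample WHOIS, zone and mailbox data are assumptions constructed for this example.

```python
import re

# Pre-approved local parts for Email DCV, as listed on this page.
DCV_ALIASES = ("admin", "administrator", "hostmaster", "postmaster", "webmaster")
# DNS TXT Email method: owner-name prefix named on this page.
CONTACT_LABEL = "_validation-contactemail"
# Deliberately simple syntax check (assumption; not a full RFC 5322 parser).
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def dcv_recipients(domain, whois_emails, txt_records):
    """Map each address eligible for DCV email to its method; list bad TXT records."""
    domain = domain.lower().rstrip(".")
    recipients, problems = {}, []
    for addr in whois_emails:
        recipients[addr.lower()] = "Email DCV (WHOIS contact)"
    for alias in DCV_ALIASES:
        recipients.setdefault(f"{alias}@{domain}", "Email DCV (pre-approved alias)")
    owner = f"{CONTACT_LABEL}.{domain}"
    for name, rdata in txt_records:  # (owner_name, rdata) pairs from the zone
        if name.lower().rstrip(".") != owner:
            continue
        value = rdata.strip().strip('"').lower()
        if EMAIL_RE.match(value):
            recipients.setdefault(value, "DNS TXT Email")
        else:
            problems.append(f"{owner}: RDATA is not an email address: {rdata!r}")
    return recipients, problems


def unmanaged(recipients, managed_mailboxes):
    """Addresses that can receive DCV email but are not on the managed list."""
    managed = {m.lower() for m in managed_mailboxes}
    return sorted(a for a in recipients if a not in managed)


# Constructed sample data (example.com is a reserved documentation domain).
WHOIS = ["hostmaster@example.com", "it-contact@example.net"]
ZONE_TXT = [
    ("_validation-contactemail.example.com.", '"pki-team@example.com"'),
    ("_validation-contactemail.example.com.", '"see ticket 42"'),
    ("example.com.", '"v=spf1 -all"'),
]
MANAGED = ["hostmaster@example.com", "postmaster@example.com", "pki-team@example.com"]

if __name__ == "__main__":
    found, issues = dcv_recipients("example.com", WHOIS, ZONE_TXT)
    print(unmanaged(found, MANAGED), issues)
```

Feeding it real WHOIS contacts, a zone export and the mail system's mailbox list gives the set of inboxes to bring under controlled ownership before ordering.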