Solution ID : SO060619153011

Last Modified : 05/05/2021

Domain Approval Methods | SSL/TLS

Problem

Before DigiCert can issue your certificate, you must prove that you have control over the domains and any Subject Alternative Names (SANs) on your order. We refer to this process as the Domain Control Validation (DCV) process.

Solution

Acceptable Domain Approval Methods:

Phone DCV

This method can only be used if the WHOIS information for the domain is NOT privacy-protected.

Both of these steps need to be completed:
  1. DigiCert must call the contact number listed for the Registrant, Administrative, or Technical contact in the WHOIS information for the pending domain.
  2. DigiCert must confirm the following information during the call: 
    • The name and job title of the individual providing authorization
    • The domain being authorized
    • Whether the enrolling organization is authorized to obtain a certificate for the domain

Email DCV

This method is acceptable if DigiCert sends an authorization email to the registered owners of the public domain and receives a confirming response.

ONLY the following email addresses are acceptable to use for email DCV:

  1. Email address listed in the WHOIS Registrant, Administrative, or Technical contact information
  2. Any of the following pre-approved email aliases at the pending domain:
    • admin
    • administrator
    • hostmaster
    • postmaster
    • webmaster

File Authentication

This method is acceptable if you are able to make a file containing a random value available at a specific URL for the pending domain:

  1. DigiCert will provide you with the file name, location and random value
  2. Once the file is added, notify DigiCert to verify that the file was added correctly

DNS TXT

This method is acceptable if you are able to modify the domain's DNS Record to include a TXT record:

  1. DigiCert will provide you with the DNS TXT entry and random value
  2. Once the DNS TXT record has been updated, notify DigiCert to verify that the record was updated correctly

DNS TXT Email

This method is acceptable if you are able to modify the domain's DNS Record to include an email address:

  1. Place the DNS TXT record on the _validation-contactemail subdomain of the domain you want to validate
  2. The RDATA value of this TXT record must be a valid email address
  3. Once the DNS TXT record has been updated, notify DigiCert to verify that the record was updated correctly
  4. DigiCert will send a DCV email to the email address listed in the DNS TXT record.
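
A pre-check for steps 1 and 2 that can be run before notifying DigiCert, given as an added example (not DigiCert's code): it reads BIND-style zone lines and separates the TXT values on the _validation-contactemail subdomain that look like email addresses from those that do not. The function name, the constructed sample zone for the placeholder domain example.com, and the simplified address pattern are assumptions; DigiCert's own validation may differ.

```python
import re

# Constructed sample zone data (BIND-style lines) for the placeholder domain example.com.
SAMPLE_ZONE = '''\
example.com.                          3600 IN A   192.0.2.10
_validation-contactemail.example.com. 3600 IN TXT "pki-team@example.com"
_validation-contactemail.example.com. 3600 IN TXT "not an email"
_validation-contactemail.shop.example.com. 3600 IN TXT "ops@example.net"
www.example.com.                      3600 IN TXT "v=spf1 -all"
'''

PREFIX = "_validation-contactemail."
# Simplified address check (assumption): one "@", no whitespace, dotted domain part.
EMAIL_RE = re.compile(r"^[^@\s]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
# owner name, optional TTL, optional class, TXT, then the RDATA
TXT_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?TXT\s+(.+)$", re.I)


def dcv_contact_records(zone_text, domain):
    """Return (valid_emails, rejected_rdata) for the domain's DCV contact TXT records."""
    owner = (PREFIX + domain).rstrip(".").lower()
    valid, rejected = [], []
    for line in zone_text.splitlines():
        m = TXT_RE.match(line.strip())
        if not m or m.group(1).rstrip(".").lower() != owner:
            continue  # not a TXT record, or not on the validation subdomain
        # TXT RDATA may be split into several quoted strings; join them.
        parts = re.findall(r'"([^"]*)"', m.group(2))
        rdata = "".join(parts) if parts else m.group(2).strip()
        (valid if EMAIL_RE.match(rdata) else rejected).append(rdata)
    return valid, rejected


if __name__ == "__main__":
    for d in ("example.com", "shop.example.com", "mail.example.com"):
        ok, bad = dcv_contact_records(SAMPLE_ZONE, d)
        print(d, "valid:", ok, "rejected:", bad)
```

Each address in the valid list is a mailbox that would receive the DCV email for that domain, so entries nobody on the certificate team recognizes deserve review.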

CNAME Target

This method is acceptable if you are able to modify the DNS Record to include a CNAME record:

  1. DigiCert will provide you with the random value
  2. Once the random value has been added to the CNAME record, notify DigiCert to verify that the record was updated correctly

Note: This option is only available in CertCentral accounts.