Have a question or solution? Post it at the SSL.com IT Security Q&A community site. All visitors welcome and it's FREE!

SSL Installation Support

Knowledge base and troubleshooting guides for ssl installation issues

Knowledgebase
Alternative Methods of Domain Control Validation (DCV)
Posted by Leonard Grove on 14 December 2011 03:13 PM

All SSL.com certificates must pass through DCV (Domain Control Validation) before they are issued. DCV is a mechanism used to prove ownership or control of a registered domain name.

There are 3 mechanisms for DCV:
  1. eMail-based DCV (Traditional)

    You will be sent an email to an administrative contact for your domain. The email will contain a unique validation code and link. Clicking the link and entering the code will prove domain control.

  2. DNS CNAME-based


    This method requires you to create a CNAME entry in your domain’s DNS record that is pointed at comodoca.com. An MD5 hash as well as a SHA-256 hash of the CSR are required for this CNAME entry.  The CNAME entry should follow this formula:

    _<MD5 hash>.<domain> <TTL> IN CNAME <SHA-256 hash>.comodo.com

    Please notice the underscore at the beginning of the entry, which is required.  Additionally, because the SHA-256 hash is 64 characters long, it will need to be split into two 32-character subdomains.

     

  3. HTTP-based DCV

    The CSR you submit to SSL.com will be hashed. The hash values are provided to you and you must create a simple plain-text file and place this in the root of your webserver and served over HTTP-only!

    The file and it's content should be as follows:
    http://yourdomain.com/.well-known/pki-validation/<Upper case MD5 hash of CSR>.txt

    Content (as a plain text file):

    <SHA1 hash of CSR>
    comodoca.com

    Note: Serving the page over HTTPS or using an HTTP 302 redirect to an HTTPS will cause a failure of verification. Please use HTTP only for this procedure!

Additional Information

CSR hashes are provided to you once you submit the CSR as part of the ordering process.


(13 votes)
This article was helpful
This article was not helpful

Comments (0)
Post a new comment 
 
Full Name:
Email:
Comments:
©2013 SSL CORP ALL RIGHTS RESERVED.