Have a question or solution? Post it at the SSL.com IT Security Q&A community site. All visitors welcome and it's FREE!

SSL Installation Support

Knowledge base and troubleshooting guides for ssl installation issues

Alternative Methods of Domain Control Validation (DCV)
Posted by Mike Harvey on 14 December 2011 03:13 PM

All SSL.com certificates must pass through DCV (Domain Control Validation) before they are issued. DCV is a mechanism used to prove ownership or control of a registered domain name.

There are 3 mechanisms for DCV:
  1. eMail-based DCV (Traditional)

    You will be sent an email to an administrative contact for your domain. The email will contain a unique validation code and link. Clicking the link and entering the code will prove domain control.

  2. DNS CNAME-based

    The CSR you submit to SSL.com will be hashed. The hash values are provided to you and must be entered as a DNS CNAME record for your domain.

    The hashes are to be entered as follows:
    <MD5 hash of CSR>.yourdomain.com.  CNAME  <SHA1 hash of CSR>.comodoca.com.

    Note: Please take notice the trailing period/fullstop at the tail end of each of the TLDs as this is required to make the entry fully-qualified.

  3. HTTP-based DCV

    The CSR you submit to SSL.com will be hashed. The hash values are provided to you and you must create a simple plain-text file and place this in the root of your webserver and served over HTTP-only!

    The file and it's content should be as follows:
    http://yourdomain.com/<Upper case MD5 hash of CSR>.txt

    Content (as a plain text file):

    <SHA1 hash of CSR>

    Note: Serving the page over HTTPS or using an HTTP 302 redirect to an HTTPS will cause a failure of verification. Please use HTTP only for this procedure!

Additional Information

CSR hashes are provided to you once you submit the CSR as part of the ordering process.

(12 votes)
This article was helpful
This article was not helpful

Comments (0)
Post a new comment 
Full Name: