All domain-validated certificates must be confirmed before they can be issued. The certifier uses a mechanism, the Domain Control Validation (DCV), which ensures that the applicant is in possession or control of the registered domain.

 

There are basically three different variants of DCV:

E-Mail based DCV (standard)

You will receive an e-mail to the administrative contact of your domain. This message contains a unique validation code and a link. After clicking on the link, you will be taken to the online validation, where you can insert the code.

 

Valid e-mail addresses:

All addresses that are returned to your domain during a whois check.

 

All the following general addresses:

admin@

administrator

postmaster@

hostmaster@

webmaster@

 

DNS CNAME-based:

A hash code is generated from the CSR that you sent to the certifier. The hash value is sent to you and you must add it to your domain as a CNAME entry.

 

The entries should be entered in the following format (e.g. Comodo):

 

<MD5 Hash of the CSR>.yourdomain.com. CNAME <SHA1 Hash of the CSR>.comodoca.com.

 

Note: The final point behind the domain names is necessary. Also note that the „.yourdomain.com“ must be part of the example of the FQDN from your certificate request. If you order an MDC or UCC certificate, then you need your own CNAME entries for all FQDNs of your order:

 

<MD5 Hash of CSR>.subdomain1.yourdomain.com. CNAME <SHA1 Hash of the CSR>.comodoca.com.

<MD5 Hash of the CSR>.subdomain2.yourdomain.com. CNAME <SHA1 Hash of the CSR>.comodoca.com.

 

HTTP-based DCV:

A hash code is generated from the CSR you sent to the certifier. The hash value will be sent to you. Create a plain text file and copy the hash code into it. Place this file in the root directory of your web server. Note that this file is only delivered via HTTP!

 

The file and its contents should look like in this example:

http://ihredomain.de/<MD5 Hash in capital letters of CSR>.txt

 

Content (as plain text file):

<SHA1 Hash of the CSR>

comodoca.com

Note: If the file is delivered via HTTPS over an HTTP 302 redirect, this will result in an error in the verification. Make sure that you only deliver via HTTP for this process.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.