SSL.com Domain Control Validation

Details on the process and how to pass it

Domain Control Validation Overview

Before an SSL certificate can be issued for a specific domain, the applicant must prove control over that domain. This establishes ownership of the domain or authorization to acquire a certificate for it.

Domain Control Validation (DCV) can be established by the following methods:
Email Challenge Response
File lookup over HTTP
DNS CNAME lookup for domain

For UCC certificates or any certificate that contains multiple domain names, DCV must be performed on each domain, using any combination of the methods listed above.

Email Challenge Response

Upon order placement, an email is sent to an email address selected earlier in the order process. This email contains a link that the recipient can follow to enter the validation code found in the email. Once the code has been entered, domain control has been established.

SSL.com is authorized to send the DCV email only to the following addresses for a domain:
webmaster@
hostmaster@
postmaster@
administrator@
admin@
any email address in the WHOIS record for the domain that is visible to SSL.com

File lookup over HTTP

This method requires that a file created from hashes of the certificate signing request (CSR) be viewable over HTTP on port 80. SSL.com will check for the existence of this file to satisfy domain control validation. The file involves two hashes of the CSR. The file name is the MD5 hash of the CSR with a .txt extension. Within this file is the SHA-2 hash of the CSR followed by a newline and the word comodoca.com.

For instance, if the CSR is created for the domain name www.yoursite.com, the MD5 hash of the CSR is 8593532A8FA01E6CEBB0B7E85E510D0F, and the SHA-1 hash of the CSR is F18B0E3C464CCFE58209272A97ADC0E8C4233BF9, then the DCV file would have the contents:

F18B0E3C464CCFE58209272A97ADC0E8C4233BF9
comodoca.com

The DCV file should be publicly reachable at

http://www.yoursite.com/8593532A8FA01E6CEBB0B7E85E510D0F.txt

Upon successful order placement, SSL.com's automated server will look for this file at the URL listed above, and if it is found, domain control validation will be satisfied.

DNS CNAME lookup for domain

This method requires that a CNAME entry in the domain's DNS be pointed to sslpki.com. An MD5 hash as well as a SHA-1 hash of the CSR are required for this CNAME entry. The CNAME entry should look like:

<MD5 hash>.<domain> CNAME <SHA-2 hash>.comodoca.com

Using the example CSR and hashes from the section "File lookup over HTTP", the CNAME DNS entry would look like:

8593532A8FA01E6CEBB0B7E85E510D0F.yoursite.com CNAME F18B0E3C464CCFE58209272A97ADC0E8C4233BF9.comodoca.com

Upon successful order placement, SSL.com's automated server will look for this DNS entry, and if it is found, domain control validation will be satisfied.
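
The file name, file contents and CNAME record described in "File lookup over HTTP" and "DNS CNAME lookup for domain" can be derived from a CSR as in the following added example, which is not SSL.com's own code. It assumes the hashes are taken over the DER encoding of the CSR (the page does not say which encoding is hashed) and follows the worked example in using SHA-1 for the second hash; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed placeholder: NOT a real CSR, just bytes wrapped in PEM armor so
# the example runs offline. Substitute the CSR submitted with the order.
SAMPLE_DER = b"constructed placeholder bytes standing in for a DER-encoded CSR"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE REQUEST-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE REQUEST-----\n"
)

PEM_RE = re.compile(
    r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.*?)"
    r"-----END (?:NEW )?CERTIFICATE REQUEST-----",
    re.S,
)


def csr_der(pem: str) -> bytes:
    """Strip the PEM armor and return the raw DER bytes of the CSR."""
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("no CERTIFICATE REQUEST block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def dcv_values(pem: str, domain: str) -> dict:
    """Build the file URL, file body and CNAME record for one domain."""
    der = csr_der(pem)  # assumption: hashes cover the DER bytes, not the PEM text
    md5 = hashlib.md5(der).hexdigest().upper()
    sha1 = hashlib.sha1(der).hexdigest().upper()  # SHA-1, as in the worked example
    return {
        "file_url": f"http://{domain}/{md5}.txt",
        "file_body": f"{sha1}\ncomodoca.com",
        "cname": f"{md5}.{domain} CNAME {sha1}.comodoca.com",
    }


def file_body_ok(served: str, pem: str, domain: str) -> bool:
    """Compare a fetched file body with the expected one, ignoring CRs and trailing whitespace."""
    expected = dcv_values(pem, domain)["file_body"]
    return served.replace("\r\n", "\n").strip() == expected


if __name__ == "__main__":
    for key, value in dcv_values(SAMPLE_PEM, "www.yoursite.com").items():
        print(f"{key}: {value!r}")
```

Running file_body_ok against what the web server actually returns, before placing the order, catches a file that was regenerated from a different CSR or altered by an editor or redirect.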