11 July, 2022

Everything you need to know about domain validation

The goal of the domain validation process is to ensure that the organization requesting a certificate is, in fact, entitled to request a certificate for the domain in question.

Industry standards prevent Certificate Authorities (CAs), such as DigiCert, from issuing an SSL/TLS certificate until domain control validation is complete.

Domain validation can include emails to contacts listed in a WHOIS record for the domain, as well as emails to default administrative addresses for the domain.

As a first step, the Validation area must verify the domain through DCV (Domain Control Validation). To do this, you must have, or be able to create, one of the following alias mailboxes; this demonstrates your right of legal use of the domain:
admin@mydomain.com, administrator@mydomain.com, hostmaster@mydomain.com, postmaster@mydomain.com, webmaster@mydomain.com.

For example, we can send an authorization email to administrator@domain.com or webmaster@domain.com, but we would not send an authorization email to tech@domain.com. The Validation area will send an email to the alias they decide to use. To demonstrate control over the domain, the recipient must follow the instructions in that email. The confirmation process consists of visiting the link provided in the email and approving it.

If you cannot perform this step, the alternative is the following:

Use the DNS method:
If you have access to the DNS servers, you must create a TXT record in the DNS for your domain, in a predetermined place, which must contain the random value indicated.

TXT entry on either [domain name] or _dnsauth.[domain name]

Once the record is created and available, DigiCert will check the specified location to confirm the presence of the random value.
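Before asking for validation, you can confirm for yourself that the random value is published at one of the two names. The following is an added example, not DigiCert code: it parses `dig +short TXT` output and looks for the value at [domain name] and _dnsauth.[domain name]. The exact-match rule, `example.com` and the random value shown are assumptions constructed for illustration.

```python
import shlex
import subprocess
import sys

def parse_dig_txt(output):
    """Return the TXT values in `dig +short TXT` output, one per record.

    A record may be printed as several quoted strings ("abc" "def");
    DNS treats them as one value, joined with no separator.
    """
    values = []
    for line in output.splitlines():
        if line.strip() and not line.startswith(";"):
            values.append("".join(shlex.split(line)))
    return values

def find_token(lookup, domain, token):
    """Return the name whose TXT set holds `token` exactly, or None."""
    base = domain.strip().rstrip(".").lower()
    for name in (base, "_dnsauth." + base):  # the two places named above
        if token in parse_dig_txt(lookup(name)):
            return name
    return None

def dig_lookup(name):
    """Live lookup; requires the `dig` tool and network access."""
    cmd = ["dig", "+short", "TXT", name]
    return subprocess.run(cmd, capture_output=True, text=True).stdout

# Constructed sample answers, so the check can be exercised offline.
SAMPLE = {
    "example.com": '"v=spf1 -all"\n',
    "_dnsauth.example.com": '"constructed-random" "-value-123"\n',
}

def sample_lookup(name):
    return SAMPLE.get(name, "")

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <domain> <random value>
        found = find_token(dig_lookup, sys.argv[1], sys.argv[2])
    else:
        found = find_token(sample_lookup, "Example.com.", "constructed-random-value-123")
    print("random value found at:", found)
    sys.exit(0 if found else 1)
```

A `None` result usually means the record was added to the wrong zone, pasted with extra characters, or has not yet propagated to the resolver being queried.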

Finally, the DigiCert validation department will contact the corporate contact for a final data verification, using a telephone number published in public directories under your organization's name (White Pages, Yellow Pages, Dun & Bradstreet, Hoovers or Google Business).
This verification is mandatory and non-negotiable; it allows the department to verify that the contact works for the company and to give the final approval to the process.

You can coordinate this call with the validator through the online chat, quoting your order number, at: https://www.digicert.com/link/chat.php?acct_id=&r=SymDigEsc&lg=en

If you have access to CertCentral, it is possible to perform a domain pre-validation process that allows you to validate your domains before you start requesting certificates for them. Completing domain validation ahead of time allows for faster certificate issuance.

