Validation types used when obtaining SSL certificates

Denis Pochtarenko
July 2, 2020

Domain Validation (DV)

All certificates should be subject to a domain validation process used to confirm domain name ownership rights.

Three validation methods are available:

Validation via email

You will receive an email at an administrative mailbox of your domain containing a unique confirmation code and a link. Follow the link and enter the code to pass validation.

Permissible email addresses:

  • admin@
  • administrator@
  • webmaster@
  • hostmaster@
  • postmaster@

The following domain validation methods are only available for Comodo certificates.

Validation via DNS record

Your CSR will be hashed and you will be provided with the hash values. Then create a DNS CNAME record for your domain.

The CNAME record format is as follows:

_.. CNAME .[.]comodoca.com.

Notes:

  • The SHA-256 hash is split by a “.” (dot) into two labels of 32 characters each;
  • Be sure to place a dot at the end of a full domain name;
  • When ordering a multi-domain certificate, create a separate CNAME record for each full domain name in your order;
  • For a domain with “www”, the name in the CNAME record should be written without “www” (i.e. if your domain is www.example.com, the record should look like this: _.example.com.).

Examples:

_09f7e02f1290be211da707a266f153b3.subdomain1.yourdomain.com. CNAME 3d874ab7b199418a9753111648448163.9eb1f2608f4da5aa3560154ca1b0df53.comodoca.com.
_9e107d9d372bb6826bd81d3542a419d6.subdomain2.yourdomain.com. CNAME 899826c9c46f25fc70ed08b5811dbb2b.ddf3e6b932e44c6a6a9dc5285057e9db.comodoca.com.

Validation via HTTP(S)

Your CSR will be hashed and you will be provided with the hash values. Then create a text file and save it to the root directory of your website.

The file and its content should be as follows:

1. File URL:
http:///.well-known/pki-validation/.txt

2. Content:

comodoca.com

Notes:

  • Validation will not be completed if the website uses redirects;
  • Check that the /.well-known/ and /.well-known/pki-validation/ directories exist on the web server;
  • If you order a multi-domain certificate, each protected domain in the certificate must have a txt file in its root directory;
  • For domains with “www”, validation is based on URLs without “www” (i.e. if you order a certificate for the www.example.com domain, the file must be accessible at http(s)://example.com/.well-known/pki-validation/.txt).

Examples:

  • File name: subdomain1.yourdomain.com/.well-known/pki-validation/09F7E02F1290BE211DA707A266F153B3.txt
    Content: 770423513bd0765c18e500000baec91976bcd8267a245437b32572665c6ac370 comodoca.com
  • File name: subdomain2.yourdomain.com/.well-known/pki-validation/9E107D9D372BB6826BD81D3542A419D6.txt
    Content: 87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7 comodoca.com
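
Added example (not Comodo's or the author's code): a Python sketch that builds the CNAME record and the validation file URL for one domain from the two hash values you are given, and checks a zone-file line against the notes in the DNS and HTTP(S) sections. Assumptions: records use the three-field `owner CNAME target` form, the optional bracketed label in the format line is not used, and `name_hash` and the function names are hypothetical names (`name_hash` is the 32-character value that forms the record name and file name in the page's examples).

```python
import re

CA_SUFFIX = "comodoca.com"
# Hash values taken from the page's first HTTP(S) example.
NAME_HASH = "09F7E02F1290BE211DA707A266F153B3"
SHA256 = "770423513bd0765c18e500000baec91976bcd8267a245437b32572665c6ac370"

def validation_host(fqdn: str) -> str:
    """Name the CA checks: lower-case, no trailing dot, leading 'www.' removed."""
    host = fqdn.strip().rstrip(".").lower()
    return host[4:] if host.startswith("www.") else host

def expected_cname(fqdn: str, name_hash: str, sha256_hex: str) -> tuple:
    """Return (owner, target) for one full domain name, each ending in a dot."""
    name_hash, sha256_hex = name_hash.lower(), sha256_hex.lower()
    if not (re.fullmatch(r"[0-9a-f]{32}", name_hash)
            and re.fullmatch(r"[0-9a-f]{64}", sha256_hex)):
        raise ValueError("expected a 32-hex name hash and a 64-hex SHA-256 hash")
    owner = f"_{name_hash}.{validation_host(fqdn)}."
    # The SHA-256 value is split into two labels of 32 characters each.
    target = f"{sha256_hex[:32]}.{sha256_hex[32:]}.{CA_SUFFIX}."
    return owner, target

def expected_http_url(fqdn: str, name_hash: str) -> str:
    """Validation file URL; upper-case file name as in the page's examples."""
    host = validation_host(fqdn)
    return f"http://{host}/.well-known/pki-validation/{name_hash.upper()}.txt"

def lint_cname(line: str, fqdn: str, name_hash: str, sha256_hex: str) -> list:
    """Compare one 'owner CNAME target' line with the expected record."""
    owner, target = expected_cname(fqdn, name_hash, sha256_hex)
    parts = line.split()
    if len(parts) != 3 or parts[1].upper() != "CNAME":
        return ["not of the form '<owner> CNAME <target>'"]
    got_owner, got_target = parts[0].lower(), parts[2].lower()
    problems = []
    for label, got in (("owner", got_owner), ("target", got_target)):
        if not got.endswith("."):
            problems.append(f"{label} has no trailing dot")
    if ".www." in got_owner:
        problems.append("owner contains 'www'")
    if len(got_target.split(".")[0]) == 64:
        problems.append("SHA-256 hash is not split into two 32-character labels")
    if not problems and (got_owner, got_target) != (owner, target):
        problems.append("hash or domain does not match the order")
    return problems

if __name__ == "__main__":
    owner, target = expected_cname("www.subdomain1.yourdomain.com", NAME_HASH, SHA256)
    print(owner, "CNAME", target)
```

For a multi-domain order, call `expected_cname` once per full domain name in the order.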


Organization Validation (OV)

Step 1. Domain validation

The domain validation process is described in the Domain Validation (DV) section above.

Step 2. Organization validation

Can be performed as follows:

  • The certificate authority checks whether the organization exists in the state registry of entities.
  • Public data registers can be used, such as Dun & Bradstreet, Hoovers, Companies House on gov.uk, and Lursoft.lv.
  • The address can be confirmed by one of the following documents:
    • the organization’s articles of association (the address should be specified in them);
    • a government license for commercial activity where the address is specified;
    • a copy of the company’s bank account statement for the last 6 months (you can specify account number here);
    • a copy of the company’s phone bills for the last 6 months;
    • a copy of the company’s bills for utility services (electricity, water, etc.) for the last 6 months or an existing rental agreement;
  • Notarized letter (Legal Opinion Letter).

Step 3. Callback

A certificate authority employee (or, more frequently, a robot) calls you to confirm the authenticity of the certificate request and complete the validation process.

After all steps are successfully completed, the certificate is signed and issued.

Extended Validation (EV)

Step 1. Filling in certificate authority forms

The certificate authority sends you special forms to fill in.

Step 2. Organization validation

The organization validation process is described in the Organization Validation (OV) section.

Step 3. Domain validation

The domain validation process is described in the Domain Validation (DV) section.

Step 4. Callback

A certificate authority employee calls you to confirm the authenticity of the certificate request and complete the validation process.

After all steps are successfully completed, the certificate is signed and issued.
