20 Apr 2014 
 Alternative Methods of Domain Control Validation (DCV)

All Comodo certificates must pass through DCV (Domain Control Validation) before they are issued. DCV is a mechanism used to prove ownership or control of a registered domain name.

There are 3 mechanisms for DCV:
  1. Email-based DCV (Traditional)

    An email will be sent to an administrative contact for your domain. The email will contain a unique validation code and link. Clicking the link and entering the code will prove domain control.

    Valid email addresses are:
    Any email address which our system can scrape from the Admin, Tech or Registrant contacts shown in a port 43 whois check;

    The following generic admin type email addresses @ the domain for which the certificate is being applied:

  2. DNS CNAME-based

    The CSR you submit to Comodo will be hashed. The hash values are provided to you and must be entered as a DNS CNAME record for your domain.

    The hashes are to be entered as follows:
    <MD5 hash of CSR>.yourdomain.com.  CNAME  <SHA1 hash of CSR>.comodoca.com.

    Note: Please note the trailing period (full stop) at the end of each domain name; it is required to make the entry fully qualified.

    Note 2: yourdomain.com in the example above (and below in the HTTP method instructions) means the Fully Qualified Domain Name (FQDN) contained in the certificate. If you are ordering an MDC or UCC certificate, separate CNAME records must be created for EACH FQDN in your order. Examples:
    <MD5 hash of CSR>.subdomain1.yourdomain.com.  CNAME  <SHA1 hash of CSR>.comodoca.com.
    <MD5 hash of CSR>.subdomain2.yourdomain.com.  CNAME  <SHA1 hash of CSR>.comodoca.com.

  3. HTTP-based DCV

    The CSR you submit to Comodo will be hashed. The hash values are provided to you, and you must create a simple plain-text file, place it in the root of your webserver, and serve it over HTTP only!

    The file and its content should be as follows:
    http://yourdomain.com/<Upper case MD5 hash of CSR>.txt

    Content (as a plain text file):

    <SHA1 hash of CSR>

    Note: Our system will not follow redirects of any kind. The text file MUST be found either on the exact FQDN contained in the certificate (this_certificate.example.com), OR at the primary domain level (example.com). For wildcard certificates ONLY the primary domain level will work.
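
Added example (not Comodo's code): a Python sketch that derives the CNAME records of method 2 and the HTTP file of method 3 from a CSR, so they can be compared with the hashes you were given. It assumes the hashes are taken over the binary DER form of the CSR, which this page does not state; the values Comodo provides remain authoritative, and the embedded CSR is a constructed placeholder.

```python
import base64
import hashlib
import re

# Constructed placeholder: the base64 body decodes to the 3 bytes b"abc",
# not a real CSR. Substitute the PEM text of your own request.
SAMPLE_CSR_PEM = """-----BEGIN CERTIFICATE REQUEST-----
YWJj
-----END CERTIFICATE REQUEST-----
"""

PEM_RE = re.compile(
    r"-----BEGIN (NEW )?CERTIFICATE REQUEST-----(.+?)"
    r"-----END (NEW )?CERTIFICATE REQUEST-----", re.S)


def csr_der(pem_text):
    """Return the binary (DER) bytes carried inside a PEM-armoured CSR."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no CERTIFICATE REQUEST block found")
    return base64.b64decode("".join(m.group(2).split()), validate=True)


def csr_hashes(pem_text):
    """Assumption: hashes cover the DER bytes, not the PEM text."""
    der = csr_der(pem_text)
    return hashlib.md5(der).hexdigest(), hashlib.sha1(der).hexdigest()


def cname_records(pem_text, fqdns):
    """One fully-qualified CNAME line per FQDN in the order (MDC/UCC)."""
    md5, sha1 = csr_hashes(pem_text)
    # DNS names are case-insensitive; the trailing dots make both sides FQDNs.
    return [f"{md5}.{name.rstrip('.').lower()}.  CNAME  {sha1}.comodoca.com."
            for name in fqdns]


def http_file(pem_text, host):
    """URL (plain HTTP, upper-case MD5 file name) and the file's content."""
    md5, sha1 = csr_hashes(pem_text)
    return f"http://{host}/{md5.upper()}.txt", sha1


if __name__ == "__main__":
    names = ["subdomain1.yourdomain.com", "subdomain2.yourdomain.com"]
    print("\n".join(cname_records(SAMPLE_CSR_PEM, names)))
    print(*http_file(SAMPLE_CSR_PEM, "yourdomain.com"), sep="\n")
```

If the locally computed values differ from the hashes Comodo supplied, check that the CSR on disk is the same one that was submitted before publishing any record or file.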

Additional Information

In the event that you were not provided with your CSR hashes, then you may use our Online CSR Decoder.

We recommend:

* Uncheck Show Empty Fields
* Check Show CSR Hashes

before providing your CSR and clicking the Decode Button.

Article Details
Article ID: 1367
Created On: 13 Sep 2011 09:48 AM
