All Comodo certificates must pass through DCV (Domain Control Validation) before they are issued.
DCV is a mechanism used to prove ownership or control of a registered domain name.
There are 3 mechanisms for DCV:
- eMail-based DCV (Traditional)
You will be sent an email to an administrative contact for your domain.
The email will contain a unique validation code and link. Clicking the link and entering the code will prove domain control.
Valid email addresses are:
Any email address which our system can scrape from a port 43 whois check;
The following generic admin type email addresses @ the domain for which the certificate is being applied:
- DNS CNAME-based
The CSR you submit to Comodo will be hashed. The hash values are provided to you and must be entered as a DNS CNAME record for your domain.
The hashes are to be entered as follows:
<MD5 hash of CSR>.yourdomain.com. CNAME <SHA1 hash of CSR>.comodoca.com.
Note: Please take notice the trailing period/fullstop at the tail end of each of the TLDs as this is required to make the entry fully-qualified.
Note2: Note that yourdomain.com in the example above (and below in the HTTP method instructions)means the Fully Qualified Domain Name (FQDN) contained in the certificate. If you are ordering a MDC or UCC certificate, separate CNAME records must be created for EACH FQDN in your order. Examples:
<MD5 hash of CSR>.subdomain1.yourdomain.com. CNAME <SHA1 hash of CSR>.comodoca.com.
<MD5 hash of CSR>.subdomain2.yourdomain.com. CNAME <SHA1 hash of CSR>.comodoca.com.
- HTTP-based DCV
The CSR you submit to Comodo will be hashed. The hash values are provided to you and you must create a simple plain-text file and place this in the root of your webserver and served over HTTP-only!
The file and it's content should be as follows:
http://yourdomain.com/<Upper case MD5 hash of CSR>.txt
Content (as a plain text file):
<SHA1 hash of CSR>
In the event that you were not provided with your CSR hashes, then you may use our Online CSR Decoder.
* Uncheck Show Empty Fields
* Check Show CSR Hashes
before providing your CSR and clicking the Decode Button.