Skip to main content

Add a domain, authorize the domain for certificates, and use DNS CNAME record as the DCV method

Demonstrate control over your domain with a DNS CNAME Record

Before you begin


Before you can prevalidate a domain for SSL/TLS validation, you must first submit its organization for prevalidation. Additionally, if you want the domain to be used for OV, EV, and/or Private SSL certificates, you must submit its organization for those matching validation types.

Demonstrate control over your domain by creating a DNS CNAME record containing a randomly generated token. The CNAME record is used to point the token and domain to DigiCert (

Step I: Add and authorize a domain for SSL/TLS certificates

  1. In your CertCentral account, in the left main menu, go to Certificates > Domains.

  2. On the Domains page, select New Domain.

  3. On the New Domain page, under Domain Details, enter the domain and organization information.

    1. Domain Name

      In the box, enter the domain name the certificates will secure.

    2. Organization

      In the dropdown, select the organization to which you want to assign the domain.

  4. Under Domain Control Validation (DCV) Method, select DNS CNAME Record.


    The default DCV method is Verification Email.

  5. When you are finished, select Submit for Validation.

Step II: Use DNS CNAME record to demonstrate control over the domain

  1. Create the DNS CNAME record:

    1. Under User Actions, in the Your unique verification token box, copy your verification token. To copy the value to your clipboard, single-click in the text field.


      The unique verification token expires after 30 days. To generate a new token, click the Generate New Token link.

    2. Go to your DNS provider’s site and create a new CNAME record.

    3. In the hostname field (or equivalent), paste the verification token that you copied from your DigiCert account.

    4. In the record type field (or equivalent), select CNAME.

    5. In the target host field (or equivalent), enter (this points the CNAME record to

    6. Select a Time-to-Live (TTL) value or use your DNS provider's default value.

    7. Save the record.

  2. Verify the DNS CNAME record:

    1. In your CertCentral account, in the left main menu, go to Certificates > Domains.

    2. On the Domains page, in the Domain Name column, select the domain link.

    3. On the domain information page, at the bottom of the page, select Check CNAME.