Use DNS CNAME to validate a domain on a pending OV or EV TLS certificate

Demonstrate control over a domain on a pending OV or EV TLS/SSL certificate order with a DNS CNAME record

Demonstrate control over the domain by creating a DNS CNAME record that includes a DigiCert-generated random value. Use the CNAME record to point the random value and domain to DigiCert at dcv.digicert.com.

For information about this DCV method and other DCV methods, see Demonstrate control over domains on a pending OV or EV TLS certificate order.

Validate domains before adding them to your certificate orders

For faster certificate issuance, validate domains before adding them to your OV/EV TLS certificate orders. To learn more about this domain validation process, see Supported DCV methods for validating domains in your CertCentral account.

Use DNS CNAME record to demonstrate control over a domain on an OV/EV TLS certificate

  1. In your CertCentral account, go to the order's Order # details page.

    1. In the left main menu, go to Certificate > Orders.

    2. On the Orders page, in the Order # column, select the certificate's order number link.

  2. On the Order # details page, in the Certificate status section, check the order's issuance status to see if the order is waiting on domain or organization validation to be completed.

    After validation is completed, the Certificate status section no longer appears on the Order # details page.

  3. Under What do you need to do, select the link for the domain you want to validate.

  4. In the Prove control over domain window, in the Domain control validation (DCV) method menu, select DNS CNAME Record and then select Save.

  5. Under 2. Add the DigiCert provided token to your CNAME record, in the Order token box, copy the DigiCert-provided random value.

    The random value expires after 30 days.

  6. Use one of the options below to create your DNS CNAME records:

    1. Option 1 (preferred): Create the DNS CNAME record with the static prefix _dnsauth

      1. Go to your DNS provider’s site and create a new CNAME record.

      2. In the hostname field (or equivalent), enter _dnsauth.

      3. In the record type field (or equivalent), select CNAME.

      4. In the target host field (or equivalent), enter [random_value].dcv.digicert.com to point the CNAME record to dcv.digicert.com.

      5. Select a Time-to-Live (TTL) value or use your DNS provider's default value.

      6. Save the record.

    2. Option 2: Create the DNS CNAME record

      1. Go to your DNS provider’s site and create a new CNAME record.

      2. In the hostname field (or equivalent), enter the random value copied from your CertCentral account.

      3. In the record type field (or equivalent), select CNAME.

      4. In the target host field (or equivalent), enter dcv.digicert.com to point the CNAME record to dcv.digicert.com.

      5. Select a Time-to-Live (TTL) value or use your DNS provider's default value.

      6. Save the record.

  7. Complete domain validation.

    1. In your CertCentral account, go to the certificate's Order # details page.

    2. On the Order # details page, in the Certificate status section, under What do you need to do, locate and select the domain link.

    3. In the Prove control over domain window, under 5. Complete domain validation, select Check record.
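
The two record layouts from step 6, as an added example that is not DigiCert's code: it checks `dig`-style answer lines against both options so a wrong or doubled record is caught before you select Check record. It assumes the DNS provider appends the zone name to the hostname field; `example.com`, the token, and the sample answer lines are constructed.

```python
# Added example: check dig-style answer lines against the two CNAME layouts.
# Assumption: the DNS provider appends the zone name to the hostname field.
DCV_TARGET = "dcv.digicert.com"

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def expected_records(domain, token):
    """Return {option: (owner, target)} for the two layouts in step 6."""
    domain, token = norm(domain), norm(token)
    return {
        "option1": (f"_dnsauth.{domain}", f"{token}.{DCV_TARGET}"),
        "option2": (f"{token}.{domain}", DCV_TARGET),
    }

def parse_answers(lines):
    """Parse 'owner TTL IN CNAME target' lines; ignore other record types."""
    records = []
    for line in lines:
        fields = line.split()
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "CNAME":
            records.append((norm(fields[0]), norm(fields[4])))
    return records

def check_dcv(domain, token, lines):
    """Return (status, detail); status is option1, option2 or a fault name."""
    want = expected_records(domain, token)
    found = parse_answers(lines)
    for option, pair in want.items():
        if pair in found:
            return option, f"{pair[0]} -> {pair[1]}"
    domain = norm(domain)
    for owner, target in found:
        # Typing the full name into a field that appends the zone doubles it.
        if owner.endswith(f".{domain}.{domain}"):
            return "doubled-zone", owner
        if owner in (w[0] for w in want.values()):
            return "wrong-target", f"{owner} -> {target}"
    return "missing", "no matching CNAME record"

# Constructed sample data: the token and the answer line are made up.
TOKEN = "exampletoken0123456789"
SAMPLE = [f"_dnsauth.example.com. 300 IN CNAME {TOKEN}.dcv.digicert.com."]
if __name__ == "__main__":
    print(check_dcv("example.com", TOKEN, SAMPLE))
```

Feed it the answer lines returned for both candidate owner names; any status other than `option1` or `option2` means the record should be corrected at the DNS provider first.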