도메인 사전 유효성 검사에 대해 지원되는 DCV(도메인 제어 유효성 검사) 방법
도메인 사전 유효성 검사: DCV 방법
DigiCert가 SSL/TLS 인증서를 발급하기 전에 주문서의 도메인 및 SAN(주체 대체 이름)에 대한 제어를 증명해야 합니다. 이 절차를 DCV(도메인 제어 유효성 검사) 절차라고 부릅니다.
DigiCert는 현재 다음 DCV 방법을 지원합니다:
DNS TXT 연락처에 이메일
DNS TXT 연락처에 이메일
지정된 이메일
주의
End of life for the WHOIS-based Email
On May 8, 2025, DigiCert ended support for the WHOIS-based domain control validation method (DCV) email method. DigiCert systems have stopped querying WHOIS entirely to find email addresses for domain validations. To learn more about this change, see our knowledge base article, End of life for WHOIS-based DCV methods.
What should I do?
Update your domain validation process to use one of the other supported DCV methods. To continue using the Email DCV method, use the DNS TXT record email contacts or the Constructed email method.
DNS CNAME
DNS TXT
HTTP 실제 증명(파일 또는 FileAuth라고도 함)
HTTP 실제 증명(파일 또는 FileAuth라고도 함)
To validate your domains, you can prevalidate your domains or do the DCV as part of the certificate request process. Per industry standards, a domain's validation is valid for 397 days (approximately 13 months).
Domain prevalidation
CertCentral features a domain prevalidation process that allows you to validate your domains before you begin ordering certificates for them. Validating the domain ahead of time allows for quicker certificate issuance.
For immediate certificate issuance, Domain prevalidation is required. See OV/EV certificate immediate issuance.
중요
DV TLS certificates don't support domain prevalidation
Each time you order a DV TLS certificate, you must demonstrate control over the domains on the order. Once you submit the order, you need to finish the domain validation before DigiCert can issue your DV certificate. See Supported DCV methods for validating the domains on DV TLS/SSL certificate orders.
Demonstrating control over domains on DV/OV/EV TSL/SSL certificate orders
While ordering a certificate, you select a DCV method to demonstrate control over the domains on the order. On the certificate's Order details page, use the DCV method selected during the order process to validate your domains. You can always switch validation methods if needed. See Demonstrate control over domains on a pending certificate order.
이메일 DCV 방법
With this validation method, DigiCert sends two sets of DCV emails: DNS TXT-based and constructed.
도메인에 대한 제어를 증명하려면 이메일 수신자는 도메인에 대해 보낸 확인 이메일에서 지시 시항을 따릅니다. 확인 절차는 제공한 링크의 방문 및 이 페이지의 설명을 따르는 것으로 구성됩니다.
Note: DigiCert sends this email from no-reply@digitalcertvalidation.com. If using allowlist, make sure to include digitalcertvalidation.com.
See Add a domain and validate it using the Email DCV method.
DNS TXT 연락처에 이메일 DCV 방법
For this method, DigiCert sends an authorization email to the email in the DNS TXT record on the _validation-contactemail subdomain of the domain being validated. While validating a domain, make sure to select the Verification email DCV method.
To configure your CertCentral Email DCV method to send the confirmation email to DNS TXT contacts, do the following:
Place the DNS TXT record on the
_validation-contactemailsubdomain of the domain you want to validate. The RDATA value of this text record must be a valid email address.이름
TTL
메시지
_validation-contactemail기본값
validatedomain@digicerttest.com
DigiCert recommends adding a distribution list rather than a personal email address. A distribution list allows you to create a "non-expiring" email address to which you can add or remove people if necessary.
Update your CertCentral account settings to send the verification DCV emails to Org/Tech/Admin contacts from DNS TXT.
In CertCentral, in the left menu, go to Settings > Preferences.
On the Preferences page, select Advanced Settings.
In the Domain Control Validation (DCV) section under Send verification DCV emails to, select Org/Tech/Admin contacts from DNS TXT.
Go to the bottom of the page and select Save Settings.
See our instructions for Adding a domain and validate it using the Email DCV method.
지정된 이메일 DCV 방법
지정된 이메일 방법에서 DigiCert는 도메인에 대한 5개 지정된 이메일 주소(admin, administrator, webmaster, hostmaster 및 postmaster @[domain_name])로 이메일을 보냅니다
If we can't find an MX record for [domain_name], you must use another supported DCV methods to demonstrate your control over the domain. See MX records (mail exchanger records).
Background
While registering a domain, you must provide contact information, such as administrative and technical contacts. Instead of using a personal email address, you can use one of the constructed email addresses for your domain, such as webmaster@yourdomain. Using a constructed email address allows you to create a "non-expiring" email address that you can add or remove people from if necessary.
MX 레코드 (메일 교환 레코드)
도메인 소유자(또는 도메인 제어자)에게 인증 이메일(DCV 이메일)을 보내기 전에 저희는 MX 레코드(도메인 이름 시스템)가 수신자의 도메인 이름의 DNS 레코드에 존재하는 것을 확인해야 합니다. 유효한 MX 레코드가 있으면 저희는 인증 이메일을 보낼 수 있습니다.
예를 들어, example.com의 지정된 이메일 주소 중 하나, admin@example.com에서 DCV 이메일을 받을 수 있습니다. DCV 이메일을 admin@example.com에게 보내려면 저희는 먼저 admin@example.com으로 발송한 이메일을 수신하도록 설정된 서버(예, mailhost.example.com)를 식별하는 해당 주소에 대한 MX 레코드를 찾아야 합니다.
DNS TXT DCV 방법
DigiCert에서 생성한 토큰(CertCentral 계정의 도메인에 대해 제공)을 도메인의 DNS에 TXT 레코드로 추가합니다. DigiCert가 이 도메인과 연결된 DNS TXT 레코드를 검색할 때 레코드의 값이 DigiCert 확인 토큰을 포함하는 레코드를 찾을 수 있습니다.
DNS CNAME DCV 방법
If your domain has a CNAME record pointing to another domain (for example, yourdomain.com points to yourdomain.net), use this method to validate your domain.
To set up your domain's CNAME record, add the static prefix _dnsauth to the hostname field and [random_value].dcv.digicert.com as the CNAME target. Once DigiCert checks for a DNS CNAME record for your domain, we can find a record that includes the DigiCert-generated random value.
참조: 도메인 추가, 도메인을 인증서에 대해 권한 부여 및 DNS CNAME 레코드를 DCV 방법으로 사용.
HTTP 실제 증명 DCV 방법(파일 또는 FileAuth라고도 함)
Use the HTTP Practical Demonstration DCV methods to demonstrate control over fully qualified domain names (FQDNs) exactly as named. To learn more, go to Domain Validation Policy Changes.
Validating IPv4 and IPv6 address
Per industry regulations, you must use the HTTP Practical Demonstration DCV method to demonstrate control over IPv4 and IPv6 addresses.
Use one of the other supported DCV methods to:
Validate wildcard domains, such as *.example.com.
Include subdomains in the validation while validating a higher-level domain. For example, if you want to cover www.example.com, mail.example.com, and one.example.com while validating the higher-level domain example.com.
Validate entire domains and subdomains.
HTTP Practical Demonstration
Host a file containing a DigiCert generated random value (provided for the domain in your CertCentral account) at a predetermined location on your website: http://{domain-name}/.well-known/pki-validation/fileauth.txt.
Once you create the file and place it on your site, DigiCert goes to the specified URL to confirm the presence of our random value. See 도메인 추가, 도메인을 인증서에 대해 권한 부여 및 HTTP 실제 증명을 유효성 검사 방법으로 사용.
HTTP Practical Demonstration with unique filename
Host a file with a random filename containing a DigiCert-generated random value at a predetermined location: http://{domain-name}/.well-known/pki-validation/{unique-filename}.txt.
Once you create the file and place it on your site, DigiCert goes to the specified URL to confirm the presence of our random value. See Validate a Domain using HTTP practical demonstration with unique filename.
주의
DV TLS certificates don’t support the HTTP Practical Demonstration with unique filename DCV method.