Add a domain, authorize the domain for certificates, and use DNS CNAME record as the DCV method

Before you begin

Validation Note: Before you can pre-validate a domain for TLS/SSL validation, you must first submit the organization to be pre-validated. Additionally, if you want the domain to be used for OV, EV, and/or Private SSL certificates, you must submit its organization for those matching validation types.

This validation method allows you to demonstrate control over your domain by creating a DNS CNAME record containing a randomly generated token. The CNAME record is used to point token.domain to DigiCert (

Step I: Add and Authorize a Domain For TLS/SSL Certificates

  1. In your CertCentral account, in the sidebar menu, click Certificates > Domains.

  2. On the Domains page, click New Domain.

  3. On the New Domain page, under Domain Details, enter the following domain information:

    1. Domain Name
      In the box, enter the domain name the certificates will secure (for example,
    2. Organization
      In the drop-down list, select the organization you want to assign the domain to.
  4. Under Validate This Domain For, check the validation types you want the domain validated for:

    • OV/EV Domain Validation
      Allows you to order OV and EV SSL/TLS certificates for this domain, such as Standard SSL, Secure Site SSL, and Secure Site Pro EV SSL.
    • Private SSL Domain Validation
      Allows you to order private SSL certificates for this domain, such as Private SSL and Private Multi-Domain SSL.
  5. Under Domain Control Validation (DCV) Method, select DNS CNAME Record.

Note: The default DCV method is Verification Email.

  1. When you are finished, click Submit for Validation.

Step II: Use DNS CNAME Record to Demonstrate Control Over the Domain

  1. Create the DNS CNAME record:

    1. Under User Actions, in the Your unique verification token box, copy your verification token.
      To copy the value to your clipboard, single click in the text field.
      Note: The unique verification token expires after thirty days. To generate a new token, click the Generate New Token link.
    2. Go to your DNS provider’s site and create a new CNAME record.
    3. In the hostname field (or equivalent), paste the verification token that you copied from your DigiCert account.
    4. In the record type field (or equivalent), select CNAME.
    5. In the target host field (or equivalent), enter (this points the CNAME record to
    6. Select a Time-to-Live (TTL) value or use your DNS provider's default value.
    7. Save the record.
  1. Verify the DNS CNAME record:

    1. In your CertCentral account, in the sidebar menu click Certificates > Domains.
    2. On the Domains page, in the Domain Name column, click the link for the domain.
    3. On the domain information page, at the bottom of the page, click Check CNAME.