Add a domain, authorize the domain for certificates, and use HTTP practical demonstration as the validation method

Before you begin

Validation Note: Before you can pre-validate a domain for TLS/SSL validation, you must first submit the organization to be pre-validated. Additionally, if you want the domain to be used for OV, EV, and/or Private SSL certificates, you must submit its organization for those matching validation types.

This validation method allows you to demonstrate control over your domain by hosting a .txt file containing a randomly generated token value at a predetermined location on your website. Once the file is created and placed on your site, DigiCert visits the specified URL to confirm the presence of your verification token. Make sure to avoid some of the more Common mistakes: HTTP practical demonstration DCV method.

Step I: Add and Authorize a Domain for TLS/SSL Certificate

  1. In your CertCentral account, in the sidebar menu, click Certificates > Domains.

  2. On the Domains page, click New Domain.

  3. On the New Domain page, under Domain Details, enter the following domain information:

    1. Domain Name
      In the box, enter the domain name the certificates will secure (for example, yourdomain.com).
    2. Organization
      In the drop-down list, select the organization you want to assign the domain to.

  4. Under Validate This Domain For, check the validation types for which the domain must be validated.

    • OV/EV Domain Validation
      Allows you to order OV and EV SSL/TLS certificates for this domain, such as Standard SSL, Secure Site SSL, and Secure Site Pro EV SSL.
    • Private SSL Domain Validation
      Allows you to order private SSL certificates for this domain, such as Private SSL and Private Multi-Domain SSL.

  5. Under Domain Control Validation (DCV) Method, select HTTP Practical Demonstration.

Note: The default DCV method is by verification email.

  1. When you are finished, click Submit for Validation.

Step II: Use HTTP Practical Demonstration to Demonstrate Control Over the Domain

Create Your .txt File:

  1. Create your .txt file:

    1. Under User Actions, in the Your unique verification token box, copy your verification token.
      To copy the value to your clipboard, single click in the text field.
      Note: The unique verification token expires after thirty days. To generate a new token, click the Generate New Token link.
    2. Open a text editor (such as Notepad) and paste in Your unique verification token.
    3. In Your HTTP token URL, the string after pki-validation/ is the name of your .txt file.
      For example, if Your HTTP token URL is http://example.com/.well-known/pki-validation/c7e2ff0c848e4707594066cc860.txt, then, your file name is c7e2ff0c848e4707594066cc860.txt
    4. Save the .txt file under this name (for example, c7e2ff0c848e4707594066cc860.txt).

  1. Create the .well-known/pki-validation/ directory:

    Create the .well-known/pki-validation/ directory on your site and place your .txt file in it.

Note: On Windows-based servers, the .well-known folder must be created via command line (mkdir .well-known).

  1. Verify the HTTP token

    1. In your CertCentral account, in the sidebar menu, click Certificates > Domains.
    2. On the Domains page, in the Domain Name column, click the link for the domain.
    3. On the domain information page (e.g., example.com), at the bottom of the page, click Check HTTP Token.

Troubleshooting tips

Verify the URL matches exactly, making sure that the URL for your web page matches the DigiCert provided URL.

  • http://YourDomain.com/.well-known/pki-validation/[filename].txt

Where YourDomain.com matches the domain that you are validating, and [filename].txt matches the unique hash provided by DigiCert under Your HTTP token URL (for example, c7e2ff0c848e4707594066cc860.txt).

If you are missing a period, a number, or a letter, validation cannot be completed.

About

DigiCert is the world’s premier provider of high—assurance digital certificates—providing trusted SSL, private and managed PKI deployments, and device certificates for the emerging IoT market. Since our founding almost fifteen years ago, we’ve been driven by the idea of finding a better way. A better way to provide authentication on the internet. A better way to tailor solutions to our customer’s needs. Now, we’ve added Symantec’s experience and talent to our legacy of innovation to find a better way to lead the industry forward, and build greater trust in identity and digital interactions.

©2019 DigiCert, Inc. All rights reserved. DigiCert and its logo are registered trademarks of DigiCert, Inc. Symantec and Norton and their logos are trademarks used under license from Symantec Corporation. Other names may be trademarks of their respective owners.