Add a domain, authorize the domain for certificates, and use HTTP practical demonstration as the validation method

Demonstrate control over your domain with HTTP practical demonstration

Demonstrate control over your domain by hosting a .txt file containing a random value at a predetermined location on your website. Once the file is created and placed on your site, DigiCert visits the specified URL to confirm the presence of your unique random value. Make sure to avoid some of the more Common mistakes: HTTP practical demonstration DCV method.

Before you begin

Before you can prevalidate a domain for TLS/SSL certificate validation, you must first submit its organization for prevalidation. Additionally, if you want the domain to be used for OV, EV, and/or Private SSL certificates, you must submit its organization for those matching validation types.

Step I: Add and authorize a domain for TLS/SSL certificate

  1. In your CertCentral account, in the left main menu, go to Certificates > Domains.

  1. On the Domains page, click New Domain.

  1. On the New Domain page, under Domain Details, enter the following domain information:

    • Domain Name
      Enter the domain name the certificates will secure.
    • Organization
      In the dropdown, select the organization you want to assign the domain to.

  1. Under Validate This Domain For, check the validation types for which the domain must be validated.

    • OV/EV Domain Validation
      Allows you to order OV and EV SSL/TLS certificates for this domain, such as Standard SSL, Secure Site SSL, and Secure Site Pro EV SSL.
    • Private SSL Domain Validation
      Allows you to order private SSL certificates for this domain, such as Private SSL and Private Multi-Domain SSL.

  1. Under Domain Control Validation (DCV) Method, select HTTP Practical Demonstration.

  1. When you are finished, click Submit for Validation.

Step II: Use HTTP practical demonstration to demonstrate control over the domain

  1. Create your .txt file:

    1. Under User Actions, in the Your unique verification token box, copy your verification token.
      Note: The unique verification token expires after thirty days. To generate a new token, click the Generate New Token link.
    2. Open a text editor (such as Notepad) and paste in Your unique verification token.
    3. Save the .txt file under this name: fileauth.txt.

  1. Create the .well-known/pki-validation/ directory on your site.

For Windows-based servers, the .well-known folder must be created via command line (mkdir .well-known).

  1. Place the fileauth.txt file on your site under .well-known/pki-validation.

    The URL should look something like this:

    http://[yourdomain]/.well-known/pki-validation/fileauth.txt

  1. Verify the HTTP token

    1. In your CertCentral account, in the left main menu, go to Certificates > Domains.
    2. On the Domains page, in the Domain Name column, click domain link.
    3. On the domain details page (e.g., example.com), at the bottom of the page, click Check HTTP Token.

About

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.