Add a domain, authorize the domain for certificates, and use DNS TXT as the validation method

Demonstrate control over your domain with a DNS TXT Record

Before you begin

Validation Note: Before you can prevalidate a domain for TLS/SSL validation, you must first submit its organization for prevalidation. Additionally, if you want the domain to be used for OV, EV, and/or Private SSL certificates, you must submit its organization for those matching validation types.

Demonstrate control over your domain by creating a DNS TXT record containing a randomly generated token as the value. Once the DNS TXT record is created, DigiCert searches the domain's DNS records to confirm the presence of your verification token.

Step I: Add and authorize a aomain for TLS/SSL certificates

  1. In your CertCentral account, in the left main menu, go Certificates > Domains.

  2. On the Domains page, click New Domain.

  3. On the New Domain page, under Domain Details, enter the following domain information:

    1. Domain Name
      In the box, enter the domain name the certificates will secure.
    2. Organization
      In the dropdown, select the organization you want to assign the domain to.
  4. Under Validate This Domain For, check the validation types you want the domain validated for:

    • OV/EV Domain Validation
      Allows you to order OV and EV SSL/TLS certificates for this domain, such as Standard SSL, Secure Site SSL, and Secure Site Pro EV SSL.
    • Private SSL Domain Validation
      Allows you to order private SSL certificates for this domain, such as Private SSL and Private Multi-Domain SSL.
  5. Under Domain Control Validation (DCV) Method, select DNS TXT Record.

Note: The default DCV method is Verification Email.

  1. When you are finished, click Submit for Validation.

Step II: Use DNS TXT record to demonstrate control over the domain

  1. Create your DNS TXT record:

    1. Under User Actions, in the Your unique verification token box, copy your verification token. To copy the value to your clipboard, single-click in the text field.
      Note: The unique verification token expires after 30 days. To generate a new token, click the Generate New Token link.
    2. Go to your DNS provider’s site and create a new TXT record.
    3. In the TXT Value field, paste the verification code you copied from your CertCentral account.
    4. Host field:
      1. Base Domain
        If you are validating the base domain, leave the Host field blank. Alternatively, use the @ symbol (depending on your DNS provider requirements).
      2. Subdomain
        In the Host field, enter the subdomain that you are validating.
    5. In the record type field (or equivalent), select TXT.
    6. Select a Time-to-Live (TTL) value or use your DNS provider's default value.
    7. Save the record.
  1. Verify the DNS TXT record:

    1. In your CertCentral account, in the left main menu, go to Certificates > Domains.
    2. On the Domains page, in the Domain Name column, click the domain link.
    3. On the domain information page, at the bottom of the page, click Check TXT.