Add a domain, authorize the domain for certificates, and use DNS TXT as the validation method

Before you begin

Validation Note: Before you can pre-validate a domain for TLS/SSL validation, you must first submit the organization to be pre-validated. Additionally, if you want the domain to be used for OV, EV, and/or Private SSL certificates, you must submit its organization for those matching validation types.

This validation method allows you to demonstrate control over your domain by creating a DNS TXT record containing a randomly generated token as the value. Once the DNS TXT record is created, DigiCert searches the domain's DNS records to confirm the presence of your verification token.

Step I: Add and Authorize a Domain For TLS/SSL Certificates

  1. In your CertCentral account, in the sidebar menu, click Certificates > Domains.

  2. On the Domains page, click New Domain.

  3. On the New Domain page, under Domain Details, enter the following domain information:

    1. Domain Name
      In the box, enter the domain name the certificates will secure (for example, yourdomain.com).
    2. Organization
      In the drop-down list, select the organization you want to assign the domain to.
  4. Under Validate This Domain For, check the validation types you want the domain validated for:

    • OV/EV Domain Validation
      Allows you to order OV and EV SSL/TLS certificates for this domain, such as Standard SSL, Secure Site SSL, and Secure Site Pro EV SSL.
    • Private SSL Domain Validation
      Allows you to order private SSL certificates for this domain, such as Private SSL and Private Multi-Domain SSL.
  5. Under Domain Control Validation (DCV) Method, select DNS TXT Record.

     Note: The default DCV method is by verification email.

  6. When you are finished, click Submit for Validation.

Step II: Use DNS TXT Record to Demonstrate Control Over the Domain

  1. Create your DNS TXT record:

    1. Under User Actions, in the Your unique verification token box, copy your verification token.
      To copy the value to your clipboard, single click in the text field.
      Note: The unique verification token expires after thirty days. To generate a new token, click the Generate New Token link.
    2. Go to your DNS provider’s site and create a new TXT record.
    3. In the TXT Value field, paste the verification token you copied from your CertCentral account.
    4. Fill in the Host field:
      1. Base Domain
        If you are validating the base domain, leave the Host field blank, or use the @ symbol (depending on your DNS provider requirements).
      2. Subdomain
        In the Host field, enter the subdomain that you are validating.
    5. In the record type field (or equivalent), select TXT.
    6. Select a Time-to-Live (TTL) value or use your DNS provider's default value.
    7. Save the record.
  2. Verify the DNS TXT record:

    1. In your CertCentral account, in the sidebar menu, click Certificates > Domains.
    2. On the Domains page, in the Domain Name column, click the link for the domain.
    3. On the domain information page (e.g., example.com), at the bottom of the page, click Check TXT.
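
Before you click Check TXT, you can confirm from a shell that every authoritative nameserver for the zone is already serving the token. The script below is an added example, not part of the DigiCert instructions; it assumes the dig utility is installed, and the function names (normalize_txt, txt_has_token, check_dcv_txt) are hypothetical.

```shell
#!/bin/sh
# Added example: check that the DCV token is published in DNS.
# Assumes `dig` is available. All function names are hypothetical.

# normalize_txt: read `dig +short TXT` output on stdin, one record per line.
# dig prints a TXT record as one or more quoted strings ("abc" "def").
# The strings of one record are concatenated, so join them and drop the quotes.
normalize_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# txt_has_token TOKEN: succeed only if some record on stdin equals TOKEN exactly.
# Exact matching rejects a truncated paste or an older, regenerated token.
txt_has_token() {
    normalize_txt | grep -Fx -- "$1" >/dev/null
}

# check_dcv_txt NAME TOKEN [ZONE]
# NAME is the domain or subdomain being validated; ZONE is the zone apex that
# holds the NS records (defaults to NAME, which is correct for a base domain).
# Returns 0 if every authoritative nameserver serves the token, 1 if any does
# not, and 2 if no nameservers could be found.
check_dcv_txt() {
    name=$1 token=$2 zone=${3:-$1} missing=0
    servers=$(dig +short NS "$zone")
    [ -n "$servers" ] || { echo "no NS records found for $zone" >&2; return 2; }
    for ns in $servers; do
        if dig +short TXT "$name" "@$ns" | txt_has_token "$token"; then
            echo "ok       $ns"
        else
            echo "MISSING  $ns"
            missing=1
        fi
    done
    return "$missing"
}
```

Source the file, then run check_dcv_txt yourdomain.com followed by the token copied from CertCentral; for a subdomain, pass the base domain as the third argument.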