Skip to main content

CertCentral DCV methods settings

Before DigiCert can issue your public SSL/TLS certificate, you must demonstrate control over the domains and any SANs (Subject Alternative Names) on the certificate request. We refer to this process as the Domain Control Validation (DCV) process.

You can complete domain validation:

  • During the certificate issuance process for pending new, reissue, and renewal certificates

  • When prevalidating individual domains for quicker OV and EV SSL/ TLS certificate issuance

To make it easier to get your SSL/TLS certificates in your new account, CertCentral provides the following default DCV methods settings when domain validation is required:

  • Displays all available domain control validation (DCV) methods

  • Sets verification email as the default DCV selection setting

  • Allows SSL/TLS certificate requestors to bypass the default setting and select a DCV method for that specific request

However, CertCentral administrators can modify the account DCV settings to meet the needs of their organization.

For example:

  • If you only use one or two methods, you can update your account settings so that only those DCV methods appear when domain validation is required.

  • If you don’t want certificate requestors to view and update DCV methods for a request, you can hide that option on the SSL/TLS certificate request forms.

Note

The DCV method settings do not affect API integrations. When API clients create orders, they can use any DCV method to validate the domains on the order.

Configure available DCV methods

  1. In CertCentral, in the left menu, go to Settings > Preferences.

  2. On the Preferences page, expand Advanced Settings.

  3. In the Domain Control Validation (DCV) section, under DCV methods, check the methods you want to appear when domain validation is required:

    • Verification Email

      The predetermined email recipient follows the instructions in a confirmation email sent to demonstrate control over the domain. The confirmation process consists of visiting the link provided and following the instructions on the page. See Email DCV method.

    • DNS TXT Record

      Place a DigiCert-provided random value in the domain's DNS TXT record to demonstrate control over the domain. When DigiCert searches for a DNS TXT record associated with the domain, we can find a record that includes the DigiCert random value. See DNS TXT DCV method.

    • DNS CNAME Record

      Place a DigiCert-provided random value in the domain's DNS CNAME record to demonstrate control over the domain. When DigiCert searches for a DNS CNAME record associated with the domain, we can find a record that includes the DigiCert random value. See DNS CNAME DCV method.

    • HTTP Practical Demonstration

      Add a file containing a DigiCert-generated random value at a predetermined location on your website. DigiCert visits the specified location to confirm the presence of our random value. See HTTP Practical Demonstration DCV method.

  4. Set the default DCV method

    In the dropdown, select the DCV method you want to use as the default setting when users see an option to choose a DCV method.

  5. SSL/TLS certificate request forms

    To prevent certificate requestors from changing the default DCV method when multiple methods are available, check Hide domain control validation (DCV) methods on the TLS certificate request forms: new, reissues, and renewals.

    You can still change the DCV method per domain on the certificate's pending order details page as needed.

  6. When done, go to the bottom of the page and select Save Settings.

What's next

The next time domain validation is required, the DCV selection will match these account settings.