網域控制驗證 (DCV) 方法
使用於 DV TLS/SSL 憑證訂單上驗證網域的支援的 DCV 方法
DigiCert 發行憑證前,您必須證明您對訂單上的網域及任何 SAN (主體別名) 擁有控制權。我們參考作為「網域控制驗證 (DCV)」程序的此程序。
DV 憑證不支援網域預先驗證。因此,每次您訂購 DV 憑證時,您必須證明您對訂單上的網域擁有控制權。在您下訂單後,您需要在 DigiCert 可以發行您的 DV 憑證前完成網域驗證。
Acronyms in this article: domain validation (DV), Transport Security Layer (TLS), Certificate Authorities (CAs) Domain Name System (DNS), text (TXT), Conical Name (CNAME), Certificate Authority Authorization (CAA), Hypertext Transfer Protocol (HTTP)
How the process works when validating domains on a pending DV certificate order
When you order a DV certificate, you’re required to select a DCV method to validate the domains on the certificate. When done, CertCentral takes you to the certificate's pending Order details page. From this page, you can use the selected DCV method to demonstrate control over the domains. You can always switch validation methods if needed.
With DV certificate orders, you can use just one DCV method to validate the domains on the pending order. Consider the following limitations when adding domains, wildcard domains, and IP addresses to DV certificates:
If you have an IP address on the certificate, you must use the HTTP Practical Demonstration DCV method to validate it.
If you have a wildcard domain on the certificate, you can’t use the HTTP Practical Demonstration DCV method to validate it.
DigiCert recommends that you don’t include wildcard domains and IP addresses on the same DV certificate.
DV certificates don’t support domain validation reuse
A DV certificate's domain validation is valid long enough to issue the certificate. DV domain validation isn’t reusable for reissues or renewals. Each time you order a DV certificate, you must demonstrate control over the domains on the order before DigiCert can issue it.
DNS TXT 驗證
DCV type | DCV methods | Resources |
|---|---|---|
Email-based |
| |
DNS-based |
| |
Website-based |
| |
使用此驗證法,您可以將 DigiCert 產生的隨機值 (提供給您的 CertCentral 帳戶中的網域) 新增到網域的 DNS 中作為 TXT 記錄。當 DigiCert 搜尋與網域關聯的 DNS TXT 記錄時,我們可以找到記錄的值包括 DigiCert 隨機值所在的記錄。