域控制验证 (DCV) 方法
支持用于验证 DV TLS/SSL 证书订单上的域的 DCV 方法
必须在您证明对订单上的域以及任何 SAN(使用者可选名称)的控制权后,DigiCert 才能颁发证书。我们将该流程称为域控制验证 (DCV) 流程。
DV 证书不支持域预验证。因此,每次您订购 DV 证书时,都必须证明对订单上的域的控制权。下单后,您需要完成域验证,DigiCert 才能颁发您的 DV 证书。
Acronyms in this article: domain validation (DV), Transport Security Layer (TLS), Certificate Authorities (CAs) Domain Name System (DNS), text (TXT), Conical Name (CNAME), Certificate Authority Authorization (CAA), Hypertext Transfer Protocol (HTTP)
How the process works when validating domains on a pending DV certificate order
When you order a DV certificate, you’re required to select a DCV method to validate the domains on the certificate. When done, CertCentral takes you to the certificate's pending Order details page. From this page, you can use the selected DCV method to demonstrate control over the domains. You can always switch validation methods if needed.
With DV certificate orders, you can use just one DCV method to validate the domains on the pending order. Consider the following limitations when adding domains, wildcard domains, and IP addresses to DV certificates:
If you have an IP address on the certificate, you must use the HTTP Practical Demonstration DCV method to validate it.
If you have a wildcard domain on the certificate, you can’t use the HTTP Practical Demonstration DCV method to validate it.
DigiCert recommends that you don’t include wildcard domains and IP addresses on the same DV certificate.
DV certificates don’t support domain validation reuse
A DV certificate's domain validation is valid long enough to issue the certificate. DV domain validation isn’t reusable for reissues or renewals. Each time you order a DV certificate, you must demonstrate control over the domains on the order before DigiCert can issue it.
DNS TXT 验证
DCV type | DCV methods | Resources |
|---|---|---|
Email-based |
| |
DNS-based |
| |
Website-based |
| |
通过此验证方法,您将 DigiCert 生成的随机值(为您的 CertCentral 帐户中的域提供)添加到域的 DNS 中作为 TXT 记录。当 DigiCert 搜索与域相关的 DNS TXT 记录时,我们可以找到记录,其中的值包括 DigiCert 随机值。