Skip to main content

添加域、授权证书的域和使用 DNS CNAME 记录作为 DCV 方法

通过 DNS CNAME 记录证明对域的控制权

Use these instructions to add a domain to your CertCentral account and validate it using the DNS CNAME domain control validation (DCV) method. In the domain's DNS as a CNAME record, add _dnsauth in the hostname field. Then, add [random_value].dcv.digicert.com to the target host field, to point the random value and domain to DigiCert at dcv.digicert.com.

在开始之前

通过创建包含随机生成令牌的 DNS CNAME 记录来证明对域的控制权。CNAME 记录用于将令牌和域指向 DigiCert (dcv.digicert.com)。

To use the domain in organization validation (OV), extended validation (EV), or private TLS/SSL or Secure Email certificates, you must submit the organization for validation. See the Submit an organization for validation instructions.

Once you have an organization, add a domain to the account and assign it to an organization.

第 1 步:添加和授权用于 TLS/SSL 证书的域

  1. In CertCentral, in the left main menu, go to Certificates > Domains.

    For CertCentral Subscription accounts, in the left menu, go to Validation > Domains.

  2. 页面上,单击新域

  3. 新域页面的域详细信息下,输入域和组织信息。

    1. 域名

      在框中输入证书要保护的域名。

    2. 组织

      在下拉列表中,选择您要向其分配域的组织。

  4. 域控制验证 (DCV) 方法下,选择 DNS CNAME 记录

  5. 完成后,单击提交验证

第 2 步:使用 DNS CNAME 记录证明对域的控制权

  1. On the domain's page, in the Domain control validation (DCV) method section, under User actions, copy the random value from Your unique verification token.

    The unique verification token expires in 30 days. To generate a new token, select the Generate New Token link.

  2. Use one of these options to create your DNS CNAME record.

    1. 保存记录。

      1. Go to your DNS provider’s site and create a new CNAME record.

      2. In the hostname field (or equivalent), enter _dnsauth.

      3. In the record type field (or equivalent), select CNAME.

      4. In the target host field (or equivalent), enter [random_value].dcv.digicert.com to point the CNAME record to dcv.digicert.com.

      5. Select a Time-to-Live (TTL) value or use your DNS provider's default value.

      6. Save the record.

    2. 用户操作您的唯一验证令牌框中,复制您的验证码。要将值复制到剪贴板,请单击文本字段。

      重要

      On October 28, 2025, DigiCert is ending support for the [random_value] prefix DNS CNAME record configuration. To learn more about this change, see the October 28 change log entry.

      1. 转到 DNS 提供商的网站并创建新的 CNAME 记录。

      2. 在主机名字段(或同等字段)中,粘贴您从 DigiCert 帐户中复制的验证令牌。

      3. 在记录类型字段(或同等字段)中,选择 CNAME

      4. 在目标主机字段(或同等字段)中,输入 dcv.digicert.com(将 CNAME 记录指向 dcv.digicert.com)。

      5. 选择生存时间 (TTL) 值或使用 DNS 提供商的默认值。

      6. 保存记录。

  3. 验证 DNS CNAME 记录:

    1. In CertCentral, in the left main menu, go to Certificates > Domains..

      For CertCentral Subscription accounts, in the left menu, go to Validation > Domains.

    2. 页面的域名列中,单击域链接。

    3. 在域信息页面底部,单击检查 CNAME

本节内容如下: