Skip to main content

使用 DNS CNAME 验证方法验证域控制权

通过 DNS CNAME 记录证明对域的控制权

检查 TLS/SSL 证书订单的状态,然后使用 DNS CNAME 记录 DCV 方法证明对订单上所列域的控制权。有关更多信息,请参阅证明对您的 SSL 证书订单上所列域的控制权

检查 TLS/SSL 证书订单的状态,然后使用 DNS CNAME 记录 DCV 方法证明对订单上所列域的控制权。有关更多信息,请参阅证明对您的 SSL 证书订单上所列域的控制权

Validate domains before adding them to your certificate orders

For faster certificate issuance, validate domains before adding them to your OV/EV TLS certificate orders. To learn more about this domain validation process, see Supported DCV methods for validating domains in your CertCentral account.

第 1 步:检查待处理订单的状态

  1. 在您的 CertCentral 帐户中,转到订单的订单编号详细信息页面。

    1. 在左侧主菜单中,转到证书 > 订单

    2. 订单页面的订单编号列,单击证书的订单编号链接。

  2. 订单编号详细信息页面的订单状态部分,检查订单的证书颁发状态(订单是否在等待完成域或组织验证?)。

    After validation is completed, the Certificate status section no longer appears on the Order # details page.

  3. Under What do you need to do, select the domain's link you want to validate.

  4. In the Prove control over domain window, in the Domain control validation (DCV) method menu, select DNS CNAME Record and then select Save.

  5. Under 2. Add the DigiCert provided token to your CNAME record, in the Order token box, copy the DigiCert-provided random value.

    The random value expires after 30 days.

  6. Use one of the options below to create your DNS CNAME records:

    1. Option 1. (preferred): Create the DNS CNAME record with the static prefix _dnsauth

      1. Go to your DNS provider’s site and create a new CNAME record.

      2. In the hostname field (or equivalent), enter _dnsauth.

      3. In the record type field (or equivalent), select CNAME.

      4. In the target host field (or equivalent), enter [random_value].dcv.digicert.com to point the CNAME record to dcv.digicert.com.

      5. Select a Time-to-Live (TTL) value or use your DNS provider's default value.

      6. Save the record.

    2. Option 2: Create the DNS CNAME record

      1. Go to your DNS provider’s site and create a new CNAME record.

      2. In the hostname field (or equivalent), enter the random value copied from your CertCentral account.

      3. In the record type field (or equivalent), select CNAME.

      4. In the target host field (or equivalent), enter dcv.digicert.com to point the CNAME record to dcv.digicert.com.

      5. Select a Time-to-Live (TTL) value or use your DNS provider's default value.

      6. Save the record.

  7. Complete domain validation.

    1. In your CertCentral account, go to the certificate's Order # details page.

    2. On the Order # details page, in the Certificate status section, under What do you need to do, locate and select the domain link.

    3. In the Prove control over domain window, under 5. Complete domain validation, select Check record.

本节内容如下: