Domain Validation (DV)
All certificates should be subject to a domain validation process used to confirm domain name ownership rights.
Three validation methods are available:
Validation via email
You will receive an email at an administrative mailbox of your domain, containing a unique confirmation code and a link. Follow the link and enter the code to pass validation.
Permissible email addresses:
- admin@<your domain>
- administrator@<your domain>
- webmaster@<your domain>
- hostmaster@<your domain>
- postmaster@<your domain>
The following domain validation methods are only available for Comodo certificates.
Validation via DNS record
Your CSR will be hashed, and you will be provided with the hash values. Then create a DNS CNAME record for your domain.
The CNAME record format is as follows:
_<value of MD5 hash of CSR>.<your domain>. CNAME <value of SHA-256 hash of CSR>.[<uniqueValue>.]comodoca.com.
Notes:
- The SHA-256 hash is divided by a “.” (dot) into two labels of 32 characters each;
- Be sure to place a dot at the end of each full domain name;
- When ordering multi-domain certificates, create a separate CNAME record for each full domain name in your order;
- If the certificate is ordered for a domain with “www”, the record name in the CNAME record should be written without “www” (i.e. if your domain is www.example.com, the record should look like this: _<value of MD5 hash of CSR>.example.com.).
Validation via HTTP(S)
Your CSR will be hashed, and you will be provided with the hash values. Then create a text file and save it under the root directory of your website.
The file location and content should be as follows:
1. File URL:
http://<your domain>/.well-known/pki-validation/<Value of MD5 hash in upper case>.txt
2. Content:
<Value of SHA-256 hash>
comodoca.com
Notes:
- Validation will not be completed if the website has redirections;
- Check if /.well-known/ and /.well-known/pki-validation/ directories exist on the web server;
- If you order a multi-domain certificate, then each protected domain in the certificate must have a txt file in its root directory;
- For domains with “www”, validation is based on URLs without “www” (i.e. if you order a certificate for www.example.com domain, then the file must be accessible at http(s)://example.com/.well-known/pki-validation/<Value of MD5 hash in upper case>.txt).
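The two formats above can be assembled mechanically from the hash values the CA gives you. The following is an added example, not part of the original page or any CA tooling; the function names are hypothetical, the sample hashes are constructed, and lower-casing the hashes in the DNS name is an assumption (DNS names are case-insensitive).

```python
import re

CA_SUFFIX = "comodoca.com"  # CA domain used in both formats on this page


def _check_hex(value, length, name):
    """Reject anything that is not exactly `length` hex characters."""
    value = value.strip()
    if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % length, value):
        raise ValueError(f"{name} must be {length} hex characters")
    return value


def _base_domain(domain):
    """Normalize the name and drop a leading 'www.' as the notes require."""
    domain = domain.strip().rstrip(".").lower()
    return domain[4:] if domain.startswith("www.") else domain


def dns_cname_record(domain, md5_hex, sha256_hex, unique_value=None):
    """Return the CNAME record line for DNS validation."""
    md5 = _check_hex(md5_hex, 32, "MD5").lower()      # assumption: lower case
    sha = _check_hex(sha256_hex, 64, "SHA-256").lower()
    # The SHA-256 value is split into two labels of 32 characters each
    # (a single DNS label cannot exceed 63 characters).
    target = [sha[:32], sha[32:]]
    if unique_value:                                  # optional [<uniqueValue>.]
        target.append(unique_value)
    target.append(CA_SUFFIX)
    # Both names are fully qualified, so each ends with a dot.
    return f"_{md5}.{_base_domain(domain)}. CNAME {'.'.join(target)}."


def http_validation_file(domain, md5_hex, sha256_hex):
    """Return (url, file_content) for HTTP validation."""
    md5 = _check_hex(md5_hex, 32, "MD5").upper()      # file name is upper case
    sha = _check_hex(sha256_hex, 64, "SHA-256")
    url = f"http://{_base_domain(domain)}/.well-known/pki-validation/{md5}.txt"
    return url, f"{sha}\n{CA_SUFFIX}"


if __name__ == "__main__":
    # Constructed sample hashes, not derived from any real CSR.
    md5, sha = "0123456789abcdef" * 2, "a1b2c3d4e5f60718" * 4
    print(dns_cname_record("www.example.com", md5, sha))
    url, body = http_validation_file("www.example.com", md5, sha)
    print(url, body, sep="\n")
```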
Organization Validation (OV)
Step 1. Domain validation
The domain validation process is described in the previous section.
Step 2. Organization validation
It can be performed as follows:
- The certification center checks whether the organization exists in the state registry of entities.
- Public data registers can be used, such as Dun & Bradstreet, Hoovers, Companies House on gov.uk, and Lursoft.lv.
- The address can be confirmed by one of the following documents:
  - the organization's articles of association (the address should be specified in them);
  - a government license for commercial activity in which the address is specified;
  - a copy of the company's bank account statement for the last 6 months (you can specify the account number here);
  - a copy of the company's phone bills for the last 6 months;
  - a copy of the company's bills for utility services (electricity, water, etc.) for the last 6 months, or an existing rental agreement;
- Notarized letter (Legal Opinion Letter)
Step 3. Callback
A certification center employee (or, more frequently, a robot) calls you to confirm that the certificate request is genuine and to complete the validation process.
After all steps are successfully completed, the certificate is signed and issued.
Extended Validation (EV)
Step 1. Filling in certification center forms
The center sends you special forms to be filled in.
Step 2. Organization validation
The organization validation process is described in the OV section.
Step 3. Domain validation
The domain validation process is described in the DV section.
Step 4. Callback
A certification center employee calls you to confirm that the certificate request is genuine and to complete the validation process.
After all steps are successfully completed, the certificate is signed and issued.