SSL CertificatesTrust solutions
VULNERABILITY SCANNER WITHOUT COMPROMISES
15.00$ Basic Quick-Scan
  • OWASP Top 10 Scanning
  • Multi Page Web Applications
  • REST API & JavaScript Scan
  • Set it up in minutes
NEW FLEX SSL FEATURE AVAILABLE
44.00$ Starting at
  • Protect up to 250 domains
  • Wildcard domains
  • Single and sub-domains
  • Public IP addresses
ROBUST AND MODERN WAY TO IDENTIFY COMPANY
49.00$ Billed annually
  • Registered companies
  • Non Profit, Funds and Trusts
  • Government entities
  • Sole Proprietors/Individuals
Home Wiki Validation Sectigo Alternative Domain Validation methods

Sectigo Alternative Domain Validation methods

  • Domain Validation SSL certificates are the most quickly issued products we have. In most cases, it takes just 5 minutes to issue SSL once domain verification passed. No paperwork requires, all you need is to pass Domain Validation Control (DCV) via one of the available methods.

    You can check CAB Forum Reference for more details.

    • A

      Authorization Domain Name

      For each FQDN, the “Authorization Domain Name” is the domain name that you use to do the DCV.

      • If the FQDN to be included in the certificate is internal.example.tld, the Authorization Domain Name could be either internal.example.tld or example.tld;
      • If you request a certificate for the 2 domains (www.example.tld, example.tld), an Authorization Domain Name of example.tld may be used to do a single validation that will validate both FQDNs, whereas an Authorization Domain Name of www.example.tld may not;
      • An Authorization Domain Name cannot be a registry controlled name and cannot be a public suffix. That means that ‘co.uk’ or ‘com’ can’t be Authorization Domain Names, and (e.g.) ‘pvt.k12.ma.us’ can’t be an Authorization Domain Name because it is a public suffix;
      • The Authorization Domain Name never contains a wildcard ('*') character so even if the FQDN contains a wildcard character, the Authorization Domain Name will not. E.g. If the FQDN to be included in the certificate is *.service.example.tld, the Authorization Domain Name could be either example.tld or service.example.tld
    • E

      Validation via E-mail

      An email is sent to that address, containing a unique validation code. The email should be received by someone in control of the domain, where they can follow a link provided in the email and enter the validation code, thus proving domain control.

      The unique validation code is only valid for 30 days. I.e. any attempt to use the unique validation code more than 30 days after it was created will fail. The list of acceptable email addresses for any given domain are:

      • admin@
      • administrator@
      • hostmaster@
      • postmaster@
      • webmaster@
      • WHOIS email. Any Admin, Registrant, Tech or Zone contact email address that appears on the domain’s WHOIS record, and is VISIBLE to Sectigo CA system.
    • H

      Validation via HTTP/HTTPS

      HTTP based DCV requires that a HTTP server be running on port 80 or that an HTTPS server be running on port 443 of the Authorization Domain Name. Sectigo looks for the file at every valid Authorization Domain, i.e. starts with the FQDN and then will strip one or more labels from left to right in the FQDN and will look for the file on each intermediate domain.

      You will receive the validation file in the (.txt) text file. A text file is created, containing the SHA-256 hash, the Request Tokens/Unique value and the domain ‘sectigo.com’ on the next line.

      For example: A CSR is generated with the CN=www.example.tld The Authorization Domain Name will be example.tld The CSR is hashed using both the MD5 and SHA-256 hashing algorithms.

      File / URL example

      The file name format is: .txt and placed in the /.well-known/pki-validation directory of the HTTP server, like so:

      http://example.com/.well-known/pki-validation/C7FBC2039E400C8EF74129EC7DB1842C.txt
      {TEXT FILE CONTENT}
      c9c863405fe7675a3988b97664ea6baf442019e4e52fa335f406f7c5f26cf14f
      sectigo.com
      123456789
      

      The Sectigo CA system checks for the presence of the text file and its content. If the file is found and the hash values match, domain control is proven.

    • C

      Validation via DNS CNAME

      DNS CNAME based DCV requires the creation of a unique CNAME record, pointed back to Sectigo CA. Sectigo looks for the CNAME at every valid Authorization Domain, i.e. starts with the FQDN and then strip one or more labels from left to right in the FQDN and will look for the CNAME on each intermediate domain.

      For a certificate request for an FQDN of *.mail.internal.example.tld, Sectigo would looks for the CNAME in these places and in this order: mail.internal.example.tld internal.example.tld example.tld The Authorization Domain Name is the one we find it on.

      A CNAME DNS record is created under the Authorization Domain Name. The content of the CNAME is described in more details below. Two hashes of the CSR are generated before submission to Sectigo CA.

      The format of the CNAME will be:
      ‘_’ .Authorization Domain Name CNAME
      example _CC5412BF14B25A69F0D3A571C2426767.example.tld.
      
      .[.]sectigo.com
      example 72B21EEE5B37D7913084.61F4BB041A1845F87DC8.sectigo.com.
      

      Hints!

      • Note: The “_” is always included and the “.” after the “.tld” also should be included but depending on the web hosting company it may not be required;
      • When copy-pasting the hashes make sure there is “NO SPACES” caught;

      When creating the DNS CNAME record over at your web-hosting company, there will 3 entries:

      • The “Hostname” which correlates to the first hash [MD5] “_.HASH_DOMAIN.TLD.”
      • The “Alias to or directed to” which correlates to the second hash [Sha256] “.[.]sectigo.com”
      • The Time to live [TTL], which you need to leave at the default value set by the web-hosting company.

Fast Issuance within 3-5 minutes

Get a Domain Validation SSL certificate within just 5 minutes using our friendly and automated system. No paperwork, callback or company required.

Price Match 100% Guarantee

Found a better price? We will match it - guaranteed. Get the best possible price in the World with us. The correct place to save your money.

Free SSL 90-day for free

Try 90-day Trial SSL Certificate before the real purchase to test cert's functionality. 99.9% browser and mobile support. Free reissues.

Money Back 30-day guarantee

Customer satisfaction is our major concern. Get a full refund within 30 days for any purchase of SSL certificates with 100% guarantee.

Speed up SSL issuance

GoGetSSL® offers fastest issuance of SSL due to use of LEI code and API automation. Legal Entity Identifier (LEI) is a global identity code, just like DUNS. Learn how LEI works.

1,422,468+Total LEIs issued
224+Jurisdictions supported