Validation Process for DV SSL Certificate
Apr 20, 2023
What Happens After You Purchased a DV SSL Certificate
After you've purchased DV SSL, follow the below steps to activate and implement HTTPS on your website or device.
-
Enroll the SSL in your HTTPS.IN account.
-
Complete DCV (Domain Control Validation)
-
Install the SSL on your Webserver.
In this knowledge base, we will discuss various domain control validation (choose anyone) & company verification process for DV SSL certificate to get issued.
Email Validation:
When an organization or domain receives an initial request, an automated email requesting authorization will invariably be dispatched to the email contacts registered in the whois database. eg.
abc@gmail.com
Also, they will send the domain verification email along with above mentioned constructive email addresses:
-
admin@domain.com
-
administrator@domain.com
-
webmaster@domain.com
-
hostmaster@domain.com
-
postmaster@domain.com
By utilizing the provided emails, you have the ability to endorse the certificate in a matter of seconds by following the instructions enclosed within.
DNS Verification:
If you don't have the above email addresses you can go with DNS TXT OR CNAME record creation to complete the domain validation process.
To complete domain verification using DNS, you'll need to add a CNAME or TXT record depending on your SSL vendor (Sectigo or DigiCert Family). Before your certificate can be issued, the new record needs to be viewable by the public using an online
DNS lookup tool. It may take 24-48 hours for your record to propagate, which is outside our control.
CNAME Record for Sectigo (formerly Comodo) certificates:
-
Log in to your domain's hosting Control Panel
-
Select DNS Zone Manager.
-
Create a new CNAME Record with the unique values from your certificate enrolment page.
-
Set TTL to 3600 or set it to default and save.
-
Wait for the record to propagate.
If this method does not work, you can opt for an alternative verification method by selecting "Change Approver Method" on your Certificate Enrolment page.
TXT Record for DigiCert/Symantec/Thawte/GeoTrust/RapidSSL certificates:
-
Log in to your domain's hosting Control Panel
-
Select DNS Zone Manager
-
Create a new TXT Record with the unique value from your Certificate Enrolment Page
-
Set TTL to 3600 or set to default and save.
-
Wait for the record to propagate.
If this method does not work, you can opt for an alternative verification method by selecting "Change Approver Method" on your Certificate Enrolment page.
How to Check if Your Record is Ready!
-
Check if your CNAME record is validated using a DNS lookup tool like
https://www.whatsmydns.net/.
Enter the value from your Host Name field and select CNAME. If the "Points To" value is displayed with green check marks, your CNAME record is propagated, and your SSL should be issued soon.
-
To check if your TXT record has propagated, use a DNS record lookup tool such as
https://www.whatsmydns.net.
Input your domain and select TXT from the drop-down menu, then hit “Search”. If you can see your TXT record’s unique value with green check marks, your TXT record is propagated, and your SSL should be issued soon.
HTTP/HTTPS File Verification:
To use the file-based method for SSL certificate validation, you need to place the unique verification file at a specific URL. Follow the steps below:
-
Create a folder titled ".well-known" in your server's public or home directory.
-
Generate a new folder called "pki-validation" under the "well-known" directory.
-
place the distinct text file that you downloaded from your Certificate Enrolment page into the folder named "pki-validation". This ensures that the file is properly validated.
Example:
domain.com/.well-known/pki-validation/[a unique file name].txt
If this method does not work, you can opt for an alternative verification method by selecting "Change Approver Method" on your Certificate Enrolment page.