All Comodo certificates must pass through DCV (Domain Control Validation) before they are issued. DCV is a mechanism used to prove ownership or control of a registered domain name.

There are 3 mechanisms for DCV:

  1. eMail-based DCV (Traditional)

    You will be sent an email to an administrative contact for your domain. The email will contain a unique validation code and link. Clicking the link and entering the code will prove domain control.

    Valid email addresses are:
    Any email address which our system can scrape from a port 43 whois check;

    The following generic admin type email addresses @ the domain for which the certificate is being applied:
    admin@
    administrator@
    postmaster@
    hostmaster@
    webmaster@

  2. DNS CNAME-based

    The CSR you submit to Comodo will be hashed. The hash values are provided to you and must be entered as a DNS CNAME record for your domain.

    The hashes are to be entered as follows:

    <Value of MD5 hash of CSR>.yourdomain.com. CNAME <value of SHA1 hash of CSR>.comodoca.com.


    Note: Please take notice the trailing period/fullstop at the tail end of each of the TLDs as this is required to make the entry fully-qualified.

    Note2: yourdomain.com in the example above (and below in the HTTP(S) method instructions) means the Fully Qualified Domain Name (FQDN) contained in the certificate. If you are ordering a MDC or UCC certificate, separate CNAME records must be created for EACH FQDN in your order.

    Examples:
    <Value of MD5 hash of CSR>.subdomain1.yourdomain.com. CNAME <value of SHA1 hash of CSR>.comodoca.com.
    <Value of MD5 hash of CSR>.subdomain2.yourdomain.com. CNAME <value of SHA1 has of CSR>.comodoca.com.

  3. HTTP(S)-based DCV

    The CSR you submit to Comodo will be hashed. The hash values are provided to you and you must create a simple plain-text file and place this in the root of your webserver and served over HTTP-only!

    The file and it's content should be as follows:
    http://yourdomain.com/<Upper case value of MD5 hash of CSR>.txt

    Content (as a plain text file):

    <Value of SHA1 hash of CSR>
    comodoca.com

    Note: The DCV will fail if any redirection is in place.

    Note 2: yourdomain.com in the example above (and in the CNAME method instructions; above) means the Fully Qualifed Domain Name (FQDN) contained in the certificate. If you are ordering a MDC or UCC, each FQDN in the certificate MUST have the TXT file in place in its root folder.

    Examples:
         subdomain1.yourdomain.com/<Value of MD5 hash of CSR>.txt
         subdomain2.yourdomain.com/<Value of MD5 hash of CSR>.txt

Was this answer helpful? 0 Users Found This Useful (0 Votes)