Domain Validation SSL certificates are the most basic of the three types of SSL/TLS certificates. Of course, that does not mean they are any less secure than a business-level SSL certificate. 

While Organization Validation and Extended Validation require multiple steps in which the Certificate Authority vets the company or organization applying for the certificate, Domain Validation takes just a single step. 

The Certificate Authority must simply verify that the person or organization applying for the certificate owns the registered domain, that's it!

What is Domain Validation?

To satisfy the Domain Validation requirement you must prove you own the domain that was submitted with the order.

The easiest, and most preferred method for accomplishing this is via email-based authentication. 

The CA can send a domain control verification (DCV) email to one of five pre-approved email addresses associated with the website. The five pre-approved addresses are:

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

If you cannot satisfy the Domain Validation requirement via email, there are alternative methods as well.

Alternative Methods

There are two additional ways to satisfy the Domain Validation requirement. Those alternative methods are:

• File-Based Authentication – The CA will provide you with a text file that you will need to upload to the root directory of your website in a specific URL. This will then be verified by the CA via HTTP or HTTPS.
• DNS-Based Authentication – The CA will provide you with instructions for creating a special DNS record (a TXT record or CNAME record, depending on the CA) that will prove you control the domain.

Now all that’s left is for the CA to issue you the SSL certificate. Then you’ll need to install it. Click here to check out our SSL Certificate Installation Guides.

File-based validation concerning Wildcard SSL certificates

File-based validation is no longer allowed for wildcard domains. Email and DNS will still be permitted for wildcards. 

Fully qualified domain names (FQDNS) and sub-domains that are not wildcard domains can still be validated by file authentication via the exact domain name. Please note sub-domains cannot be authenticated on the root domain.