Domain Validation SSL certificates are the most basic of the three types of SSL/TLS certificates. Of course, that does not mean they are any less secure than a business-level SSL certificate. While Organization Validation and Extended Validation require multiple steps in which the Certificate Authority vets the company or organization applying for the certificate, Domain Validation takes just a single step. The Certificate Authority must simply verify that the person or organization applying for the certificate owns the registered domain, that's it!
What is Domain Validation?
To satisfy the Domain Validation requirement you must prove you own the domain that was submitted with the order.
The easiest, and most preferred method for accomplishing this is via email-based authentication.
If your domain's WHOIS record is public and includes a valid contact email, the CA may be able to send the Domain Authentication email to the address listed on your WHOIS record. However, some WHOIS records require human verification via CAPTCHA, which means the CA's system cannot access the record or pull the email. There are also some international privacy laws that prevent WHOIS records from publishing website ownership information.
If the WHOIS option is unavailable, the CA can also send the authentication email to one of five pre-approved email addresses associated with the website. The five pre-approved addresses are:
If you cannot satisfy the Domain Validation requirement via email, there are alternative methods as well.
There are two additional ways to satisfy the Domain Validation requirement, though one of them is exclusive to Comodo. Those alternative methods are:
- File-Based Authentication – The CA will provide you with a text file that you will need to upload to the root directory of your website in a specific URL. This will then be verified by the CA via HTTP or HTTPS.
- DNS-Based Authentication – The CA will provide you with instructions for creating a special DNS record (a TXT record or CNAME record, depending on the CA) that will prove you control the domain.
Now all that’s left is for the CA to issue you the SSL certificate. Then you’ll need to install it. For more help installing your SSL Certificate, click here.