Alternative ways to validate Comodo SSL certificates with domain validation

All Comodo certificates must pass through DCV (Domain Control Validation) verification before being issued. DCV is the mechanism used to confirm that you are the owner of a domain.

There are three options for passing the DCV check:

  1. Via email (traditional)
    An email is sent to your domain’s administrative contact. The email contains a unique validation code and a link. To confirm ownership of the domain, follow the link and enter the code. The following email addresses are considered valid:
    Any email address that is visible when you look up the domain through the whois service, as well as addresses in your domain that begin with the following names:
    admin@
    administrator@
    postmaster@
    hostmaster@
    webmaster@
  2. Method based on DNS CNAME
    The CSR you sent to Comodo is hashed. This hash is sent to you, and you must enter it as a CNAME record in the DNS of your domain. The record must be specified in the following format:
    <MD5 hash of CSR>.yourdomain.com. CNAME <SHA1 hash of CSR>.comodoca.com
    Note: Each domain must end with a period, as in the example.
    Note 2: yourdomain.com in the example above (and in the third method below) means the domain that will be contained in the certificate. If you order a SAN or UCC certificate, a separate CNAME record must be created for each domain/subdomain.
    For example:
    <MD5 hash of CSR>.subdomain1.yourdomain.com. CNAME <SHA1 hash of CSR>.comodoca.com
    <MD5 hash of CSR>.subdomain2.yourdomain.com. CNAME <SHA1 hash of CSR>.comodoca.com
  3. Method based on HTTP DCV
    The CSR you sent to Comodo is hashed. You need to put this hash in a plain text file and place the file in the root of your site, where it must be accessible via HTTP, not HTTPS!
    The file and its contents should look like this:
    http://yourdomain.com/<MD5 hash of CSR, uppercase>.txt
    Contents (in plain text file):
    <SHA1 hash of CSR>
    comodoca.com
    Note: If you have a redirect from HTTP to HTTPS, the validation will pass, but each redirect must take no longer than 5 seconds; the DCV check will fail if any redirect takes longer. The DCV check will also fail if the site is HTTPS with a self-signed certificate.

Additional information:

If you do not have a CSR hash, you can use the Online CSR Decoder.

We recommend:

  • Uncheck Show Empty Fields
  • Check Show CSR Hashes

before specifying your CSR and clicking the Decode button.
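The values for methods 2 and 3 can also be computed locally from the CSR. This is an added example, not part of the original article or Comodo's tooling. It assumes the hashes are taken over the binary (DER) form of the CSR rather than the PEM text; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed stand-in for a CSR: these bytes are NOT a real PKCS#10
# request, they only give the hashing code something to work on offline.
SAMPLE_DER = b"constructed-bytes-standing-in-for-a-DER-CSR" * 6
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE REQUEST-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE REQUEST-----\n"
)

PEM_RE = re.compile(
    r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.+?)"
    r"-----END (?:NEW )?CERTIFICATE REQUEST-----", re.S)

def csr_der(pem):
    """Return the binary (DER) body of a PEM-encoded CSR."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no CERTIFICATE REQUEST block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def csr_hashes(pem):
    # Assumption: hashes cover the DER bytes. Hashing the PEM text
    # (headers, base64, line breaks) gives different values.
    der = csr_der(pem)
    return hashlib.md5(der).hexdigest(), hashlib.sha1(der).hexdigest()

def cname_records(pem, domains):
    """One record per domain/subdomain in a SAN or UCC order (method 2)."""
    md5, sha1 = csr_hashes(pem)
    # Host name gets the trailing period; target is written as in the article.
    return [f"{md5}.{d.rstrip('.')}. CNAME {sha1}.comodoca.com" for d in domains]

def http_file(pem, domain):
    """URL and plain-text body of the validation file (method 3)."""
    md5, sha1 = csr_hashes(pem)
    return f"http://{domain}/{md5.upper()}.txt", f"{sha1}\ncomodoca.com\n"

if __name__ == "__main__":
    for rec in cname_records(SAMPLE_PEM, ["subdomain1.yourdomain.com"]):
        print(rec)
    url, body = http_file(SAMPLE_PEM, "yourdomain.com")
    print(url, body, sep="\n")
```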
