All Comodo certificates must pass through DCV (Domain Control Validation) verification before being issued. DCV is the mechanism used to confirm that you are the owner of a domain.

There are three options for passing the DCV check:

  1. Via eMail (Traditional)
    An email is sent to your domain’s administrative contact. The letter contains a unique validation code and a link. It is necessary to go to the link and enter a code to confirm ownership of the domain. Valid email addresses are considered to be the following:
    Any email address that is visible when you check the domain through the whois service, as well as addresses in your domain that begin with the following names:
  2. Method based on DNS CNAME
    The CSR you sent to Comodo is hashed. This hash is sent to you and you have to enter it as a CNAME entry in the DNS of your domain. The hash must be specified in the following format:
    <The MD5 hash of the CSR is> CNAME <SHA1 hash of CSR>
    Note: Note that each domain must end with a period at the end of the record, as in the example.
    Note 2: Note in the example above (and below in the third method) means the domain that will be contained in the certificate. If you order a SAN or UCC certificate, a separate CNAME record must be created for each domain/subdomain.
    For example:
    <The MD5 hash of the CSR is> CNAME <SHA1 hash of CSR>
    <The MD5 hash of the CSR is> CNAME <SHA1 hash of CSR>
  3. Method based on HTTP DCV
    The CSR you sent to Comodo is hashed. You need to specify this hash in a plain text file and place this file in the root of your site, which can be accessed via HTTP, not HTTPS!
    The file and its contents should look like this::<MD5 hash CSR uppercase >.txt
    Contents (in plain text file): <SHA1 hash CSR>
    Note: If you have a redirect from HTTP to HTTPS the validation will pass, but all redirects must be no longer than 5 seconds. The DCV validation will fail if any of the redirects are longer than 5 seconds. The DCV check will also fail if the site is HTTPS with a self-signed certificate.

Additional information:

In case you do not have a CSR hash, you can use Online CSR Decoder.

We recommend:

  • Uncheck Show Empty Fields
  • Check Show CSR Hashes

before specifying your CSR and clicking the Decode button.

 SSL Certificates
Total 0 Votes:

Tell us how can we improve this post?

+ = Verify Human or Spambot ?