Skip to main content

Verification Help: Domain Verification Methods

User-added image

In order to issue SSL/TLS certificates for your websites and applications, you must undergo an industry standard domain validation process. This process ensures that only authorized parties are able to issue certificates that can protect these domains.

Self-Service Verification Methods

BACKGROUND

The CA Browser Forum outlines their requirements for Certification Authorities in The Baseline Requirements Document. Refer to section 3.2.2.4 for more background on baseline requirements for domain validation.

SELF-SERVICE VERIFICATION METHODS

Entrust supports the following self-service, fully automated domain verification methods for our Enterprise customers to prove domain control:

Email Authentication

There are two options of method under this category, a confirmation email can be sent to the email address listed on your DNS Server's TXT, or alternatively a confirmation email can be sent to the contacts listed on the WHOIS record who can authorize you to continue issuing certificates for the domain (We do not recommend using WHOIS-based method. it will be deprecated soon. See this proposed CA/Browser Forum Ballot ).

1. An automatic propagation email address from your DNS Server:

  • This method is best used when you or someone you know within your organization has access to the domain DNS records.
  • This method can ensure a swift and consistent email verification option, and can be adjusted as needed.

Please see our technote here for more information

2. Sending a confirmation email to contacts that are listed on the WHOIS record. Note: This verification method will be deprecated soon. We do not recommend using this method.

  • This method is best used when you or someone you know within your organization has access to the email addresses provided on the WHOIS record and the record is publicly available.

Please see our technote here for more information.

DNS Verification

Entrust will provide you with a random value that you must post to your domain DNS TXT record. Once detected, your domain is then re-validated in our system.

  • This method is best used when you or someone you know within your organization has access to the domain DNS records.

Please see our technote here for more information

Web Server Authentication

Entrust will provide you with a random value that you must post on a server that hosts web content for the domain in question. Once detected, your domain is then re-validated in our system.

  • This method is best used when you or someone you know within your organization has access to a Web Server that hosts public web content for the domain in question.

Please see our technote here for more information.

If none of these methods apply or you are not sure, you can still select the manual verification option and a Verification Specialist will contact you to walk you through the process.

If you have any questions or concerns, please contact us.

Phone Support:

North America: 1-866-267-9297

Local/International: 1-613-270-2680

E-mail Support:

Verification Support: [email protected]

Technical Support: [email protected]