In order to issue SSL/TLS certificates for your websites and applications, you must undergo an industry standard domain validation process. This process ensures that only authorized parties are able to issue certificates that can protect these domains.
Self-Service Verification Methods
BACKGROUND
The CA Browser Forum outlines their requirements for Certification Authorities in The Baseline Requirements Document. Refer to section 3.2.2.4 for more background on baseline requirements for domain validation.
SELF-SERVICE VERIFICATION METHODS
Entrust supports the following self-service, fully automated domain verification methods for our Enterprise customers to prove domain control:
Email Authentication
There are two options of method under this category, a confirmation email can be sent to the email address listed on your DNS Server's TXT, or alternatively a confirmation email can be sent to the contacts listed on the WHOIS record who can authorize you to continue issuing certificates for the domain (We do not recommend using WHOIS-based method. it will be deprecated soon. See this proposed CA/Browser Forum Ballot ).
1. An automatic propagation email address from your DNS Server:
- This method is best used when you or someone you know within your organization has access to the domain DNS records.
- This method can ensure a swift and consistent email verification option, and can be adjusted as needed.
Please see our technote here for more information
2. Sending a confirmation email to contacts that are listed on the WHOIS record. Note: This verification method will be deprecated soon. We do not recommend using this method.
- This method is best used when you or someone you know within your organization has access to the email addresses provided on the WHOIS record and the record is publicly available.
Please see our technote here for more information.
DNS Verification
Entrust will provide you with a random value that you must post to your domain DNS TXT record. Once detected, your domain is then re-validated in our system.
- This method is best used when you or someone you know within your organization has access to the domain DNS records.
Please see our technote here for more information
Web Server Authentication
Entrust will provide you with a random value that you must post on a server that hosts web content for the domain in question. Once detected, your domain is then re-validated in our system.
- This method is best used when you or someone you know within your organization has access to a Web Server that hosts public web content for the domain in question.
Please see our technote here for more information.
If none of these methods apply or you are not sure, you can still select the manual verification option and a Verification Specialist will contact you to walk you through the process.
If you have any questions or concerns, please contact us.
Phone Support:
North America: 1-866-267-9297
Local/International: 1-613-270-2680
E-mail Support:
Verification Support: [email protected]
Technical Support: [email protected]