Domain Authentication is a method of proving domain control where an email can be sent to a domain contact to verify that they authorize the issuance of an SSL/TLS certificate for the domain.
This domain validation method can be very easy and fast, but may also depend on the following factors:
- Some domain WHOIS records are not publicly available. This method can only be used when there is public information available for the domain contact email address
- Some domain WHOIS records do not include any contact information
- In larger organization, the domain contact may not be familiar with the domain validation request. If the contact who manages your domain is not aware of any SSL/TLS related validation activities, it is recommend that they be contacted in advance so that they are aware of the domain validation request.
If you are planning to use the Domain Authentication method, it is highly recommended that you look at getting your own contact email address or group email address that you can access added to the WHOIS record so that you can respond to the authorization requests quickly. Most Domain WHOIS registrars can support multiple contacts, such as Admin and Technical contacts. Use a public WHOIS search to see what contacts are currently listed.
Industry standards also allow Certification Authorities to send email confirmations to generic email addresses that are not included on the WHOIS record. For example, to validate the domain testcertificates.com, an email could be sent to:
If your WHOIS record is not public, you are not sure who the WHOIS contacts are within your organization and you cannot get your own email address added to the record, you can consider setting up these mailboxes for the specific purpose of using them for proof of domain control.
To perform Email Authentication:
1. Log into the ECS portal at https://login.entrust.net
2. Click on “Administration” menu.
3. Click on “Domain Management” tab.
- If you are performing validation on a new domain, enter the domain, select the client, and select the Email method from the drop down.
If you are performing validation on a domain that is set to expire:
4. Click on the "Expiring Domains" tab to view your expiring domains.
5. Click the checkbox for each domain you would like to re-verify.
6. Click on "Resubmit domain(s) for verification".
7. Select the Email method and click "Resubmit".
If you have any questions or concerns, please contact us.
Phone Support:
North America: 1-866-267-9297
Local/International: 1-613-270-2680
E-mail Support:
Verification Support: [email protected]
Technical Support: [email protected]