If the customer has a firewall, they can whitelist us so they can before HTTP or HTTPS for DCV on a IP address if we cant use the whois lookup:
e-mail is being sent from [email protected]
DCV IP Addresses:
yes, manual validation for certificates for IP addresses (i.e. with CN or SAN including IP address) - was introduced on May 13 2017 by rework # 5 to WCR 16092602 , details below. It will work for all customers
b) in addition to manual validation - HTTP/HTTPS CSR HASH method will work as well, for all customers
I.e. for all customers (CCM and non-CCM) - for all such orders- domain name can be validated either manually or vie HTTP/HTTPS CSR hash and if such validation happened it will sufficient and we will no longer require IP range validation.
In addition to this, for CCM customers only, we will accept also additional validation method - through IP address range. This is optional , and if CCM order was validated manually or via alt-DCV methods as I mentioned in (a) and (b) above -validation via IP range wil not be required. But - in absence of manual DCV - validation via IP range will be also acceptable (again - only for CCM customers)
So certificate for public IP address can be validated either by
- HTTP/S CSR hash or manual validation , for all customers
- or, for CCM accounts only, through validation of IP range (whereas such validation is not mandatory in case domain was already validated manually)
Now to your remarks
It is giving validation the option to validate all the domains under the domain name validation details (validate all domains).
I thought that the procedure changed to adding in these addresses under the web host details.
This ability originally existed only via API. Our May release (rework # 3 to WCR 16092602) also allowed validators to manually add such ranges (ability to validate such ranges was there earlier)
However, even though the IP address is added to the authorized range under webhost it is not validating it under the domain name validation details.
This is correct behavior. Validating the range - marks the range as validated but will not affect DCV status of a single IP address. If range was validated and an IP by itself wasn't DCV'd - then this IP will appear as not validated in "domain name validation details" section . Yet, for CCM customers - such certificate can be issued since the range is validated
IP Address Based DCV
IP Address based DCV requires that a DNS lookup for A records for the FQDN resolves to an IP address over which the applicant has control.
Comodo will obtain documentation of IP address assignment from the Internet Assigned Numbers Authority (IANA) or a Regional Internet Registry (RIPE, APNIC, ARIN, AfriNIC, LACNIC).
Comodo records the IP ranges over which the applicant has control and initially validates as a manual process that the documentation available confirms that the applicant actually has control of those ranges. The relevant range(s) of IP address must have been validated and recorded against the applicant’s account BEFORE the certificates which are to rely on this DCV method are requested.
When the AutoApplySSL call is made, an additional parameter must be specified to indicate use of IP address based DCV. This parameter is called ‘dcvMethod’ and must be set to the UPPERCASE value ‘IP_ADDRESS_PRE’.