Sectigo's Domain Validated (DV) SSL Certificate Explained.

What is a Domain Validated Certificate?

Domain Validated (or DV) SSL certificates are the fast, convenient, reliable way to add industry-standard encryption to web sites and internal systems. DV Certificates are the most basic of the three types of SSL/TLS certificates. While Organization Validation (OV) and Extended Validation (EV) require multiple steps in which the Certificate Authority vets the company or organization applying for the certificate, Domain Validation takes just a single step.

What are the requirements for a Domain Validated Certificate?

  • The Certificate Authority must simply verify that the person or organization applying for the certificate owns the registered domain.
  • To satisfy the Domain Validation requirement you must prove you own the domain that was submitted with the order.

The easiest, and most preferred method for accomplishing this is via email-based authentication. During email-based authentication, the CA will send an email to the WHOIS registrar email address asking them to verify that they did indeed register for a certificate. Once you respond to that email confirming registration of the certificate, the requirement is considered satisfied and the certificate is issued.

The CA can also send the DCV email to one of five pre-approved email addresses associated with the website. These are:

[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

If you cannot satisfy the Domain Validation requirement via email, there are alternative methods as well.

Alternative Methods: There are two additional ways to satisfy the Domain Validation requirement.

  • File-Based Authentication: The CA will provide you with a text file that you will need to upload to the root directory of your website. This will then be verified by the CA via HTTP or
  • HTTPS.CNAME-Based Authentication (Sectigo Only): Sectigo will provide you with two unique hash values (these are MD5 and SHA1). You, then, must enter them in your CNAME DNS record. You must use the following format: “<MD5 hash> CNAME <SHA-1 hash>”

Once this is complete, Sectigo will validate and use it to satisfy the Domain Validation requirement.

Domain Validated Certificates