Nexcess Logo

What is domain control validation (DCV)?

Knowledge Base Home

Notice anything different?

We've enhanced the appearance of our portal and we're working on updating screenshots. Things might look different, but the functionality remains the same.
September 09, 2019

Three methods Nexcess clients can use to send DCVs to Comodo as part of the procedure for registering SSL certificates. 

Domain control validation definition

A domain control validation, or DCV, is used by the CA before issuing an SSL certificate to verify the person making the request is in fact authorized to use the domain related to that request. Nexcess uses Comodo as their CA exclusively.

About the 3 domain control validation methods

After submitting your CSR, you must choose one of the three methods provided by Comodo. Only the domain owner or someone authorized by that domain owner may validate with Comodo. Three methods are by email, by DNS record, and by file authorization.

Domain control validation method #1 — email

The email method is the traditional means of validating ownership of your domain with DCV. Comodo will send an email to the administrative contact for the domain. This email will provide a unique validation code and a link; click the link and enter the code to validate.

 For security reasons, Comodo can only send the DCV email to five different types of email addresses:

  • admin@
  • administrator@
  • postmaster@
  • webmaster@
  • hostmaster@

 All of these options end with the domain used to create the CSR. If your domain does not have an email address corresponding to one of these types, then you must either create one for the DCV or provide a valid email address listed in your whois data. However, domains with private registration will have an invalid email address and must instead use one of the options listed above.

Domain control validation method #2 — DNS record

The CSR you submit to Comodo will be hashed and these hash values will be provided to you. To validate, you must enter these hash values as a DNS CNAME record for your domain according to the following format, where example.com is the FQDN contained in your certificate:

<Value of MD5 hash of CSR>.example.com.CNAME <value of SHA1 hash of CSR>.comodoca.com.

Domain control validation method #3 — file authorization

Also called an HTTP-based DCV, this method also requires you to use the hash values provided to you by Comodo. To validate, create a plaint-text file and place the file in the root of your web server. Only web servers served over HTTP may use this method, and the content must read as follows, where example.com is your FQDN as contained in your certificate:

http://example.com/>Upper case value of MD5 hash of CSR>.txt

Additional information

For more information regarding Comodo and its role as a CA, visit their website.

For 24-hour assistance any day of the year, contact our support team by email or through your Client Portal.

Jason Dobry
We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.