Domain Verification

Last updated: 2020-02-25 16:11:10

PDF

Scenarios

This document tells you how to verify your ownership of a domain name after applying for a DV certificate.

  • Please complete the verification as soon as possible. CA will reject your certificate application if you fail to finish and pass the verification process within 3 days.
  • After the verification is passed, you can use the Certificate Management Download and install the relevant certificate.

The domain name ownership can be verified by:

Verification ModeUse CasesWaiting time for issuance
Automatic DNS verificationThe domain name resolved by Tencent Cloud must be used.
If Tencent Cloud parsing is used, it is recommended to use this method.
Domain name type DVThe issuing time is 10 minutes-24 hours.
Manual DNS verificationIt is suitable for domain names that are resolved on any platform.
File verificationIn cases where there are limitations in using automatic DNS validation and manual DNS validation.
(the operation process is complicated and requires a certain foundation for building a station.)

Prerequisites

Steps

Automatic DNS Verification

This DNS verification method is limited to domain names resolved by Tencent Cloud DNS.

If the domain name for which you are applying for a certificate has been resolved by Tencent Cloud DNS, you can choose automatic verification.
The system will automatically add the specified DNS resolution record for the domain name, and automatically complete the domain name ownership verification.

Manual DNS Verification

The following actions are only for domain names Domain name parser In the case of Tencent Cloud, if it is not Tencent Cloud, please go to the corresponding domain name Domain name parser To parse at.

  1. Log in to the SSL Certificates Service Console .
  2. On the "Certificate List" page, select the ID of the DV certificate to be viewed to enter the "Certificate Details" page, as shown below:
  3. Add resolution record
  • If your domain name (for example, www.domain.com ) corresponding Domain name parser In Tencent Cloud.
    1. Please put the Certificate details The content is saved.
    2. Login Tencent Cloud DNS console To view the domain name for which the certificate has been applied for, and click Resolution on the operation bar to enter the record Management page.
    3. Click [add record] to add a DNS record with a record type of TXT.
  • If your domain name corresponds to Domain name parser It's not Tencent Cloud, please send it first. Certificate details Save the content and go to the corresponding domain name Domain name parser Add a resolution record at.
  1. After the certificate is successfully added, the system that adds the TXT record value for the corresponding domain name of the certificate will check regularly. If it can be detected and matches the specified value, the domain name ownership verification can be completed.

File Verification

  1. Log in to the SSL Certificates Service Console .
  2. On the "Certificate List" page, select the ID of the DV certificate to be viewed to enter the "Certificate Details" page, as shown below:
  3. Please log in to the server and make sure that the domain name points to the server.

If your domain name corresponds to Domain name parser In Tencent Cloud, point the domain name to your server.

  1. Create the specified file in the root directory of the website, including the file directory, name, and content.

    The website root directory refers to the folder where you store the website programs on the server. Its name may be wwwroot, htdocs, public_html, or webroot.

  • Examples

The root of your website is Directory C:/inetpub/wwwroot . You can go to wwwroot Create a file under the folder as shown in the following table:

File DirectoryFileNameFile Content
/. Well-known/pki-validationFileauth.txt2019080603.ep939jlu32alzeo
  • Note
    On Windows, you need to create a file and folder that begin with a dot by running the command line. For example, to create a .well- known folder, open a command prompt and execute the command mkdir. Well- known to create it.
  1. Open a browser and access the corresponding URL based on the type of the domain name to be verified.

URL format: http://domainname/filedirectory/filename or https://domainame/filedirectory/filename. Access links to the contents of the file, such as 2019080603.ep939jlu32alzeo.

  • If the domain name for which you apply for file verification is example.www.domain.com, access the URL http://example.www.domain.com/.well-known/pki-validation/fileauth.txt or https://example.www.domain.com/.well-known/pki-validation/fileauth.txt for verification.

    for a second-level domain name starting with www, such as www.domain.com, you need to do the following two steps:
    -the first step is to add [File Verification] (# FileVerification) to the domain name.
    -the second step is to verify the main domain name domain.com (you do not need to reapply for a certificate). The verification method is verified according to linked address format, and the verification value is consistent.

  • If the domain name for which you apply for file verification is a wildcard domain name-* .domain.com, access the URL http://domain.com/.well-known/pki-validation/fileauth.txt orhttps://domain.com/.well-known/pki-validation/fileauth.txt for verification.

    • Both HTTP and HTTPS are supported, and either of them can be accessed.
    • File verification does not support any redirect, instead, it directly responds to status code 200 and file content is needed.
  1. Please wait patiently for CA agency scan review. After the certificate is issued, the file and Directory can be cleared.

If anything goes wrong during this process, please Contact us .