emSign Knowledge Base
  • emSign
  • Getting Started
    • About emSign
    • Why emSign?
    • Key Highlights
      • Root Store Listings
      • Trust
      • Security
    • Certificate Lifecycle and Key Management Platform (CERTInext)
  • emSign CERTInext
    • Overview
    • Getting Started
      • Enterprise Sign up
      • Partner Sign up
      • Retail Customers
      • Multi-account Association
        • User and Group Management
        • Multifactor Authentication and Single Sign On
        • Enforce 2FA
        • IP Restrictions
        • Digital Certificate based login
      • Alerts and Notifications
    • Ordering a Certificate
      • As a Customer
        • DV certificates
        • OV Certificates
        • EV Certificates
        • SMIME Certificates
        • Intranet SSL Certificate
        • IGTF Certificates
        • Subscription Plan Coverage for SSL Products
        • Group-based Certificates Ordering
        • Ordering using Custom Fields
      • As a Partner
        • Order for Customers
        • Order for Sub-accounts
      • Requester Approval Workflows
        • EV requests by Authorized Signatory
        • Certificate requests by Administrator
      • Submitting a Certificate Signing Request (CSR)
        • Submit CSR for Pending Orders
        • Replace CSR for Pending Orders
      • Downloading Certificates
        • Download Interim DV
        • Download Certificate
      • Post Order Actions
        • Renew Certificate
        • Revoke an issued Certificate
        • Reissue Certificate
        • Add / Remove SANs for Multi-Domain SSL
    • Management
      • Domains
      • Organizations
      • Orders
      • Products
      • Templates
        • CSR Templates
        • Provisioning Templates
    • Integrations
      • Using APIs to Order
        • REST APIs
        • ACME APIs
      • Tools
        • eMudhra Certificate Utility Tool
        • eMudhra emSign Click Tool
          • Procedure for installing Certificate in HSM
          • Procedure for Attested CSR Generation
      • CA Connectors
    • Billing & Payments
      • Add Credits
      • Invoices
      • Statement (Ledger Statement)
      • Product Price List
    • Reports
      • Orders Report
      • Overall Statistics
      • Certificates Report
      • Key Store Report
      • Key Report
      • Sales Summary
      • Audit Logs
    • Settings
      • Reporting Tags
      • Manage Schedules
      • Custom Fields
    • Certificate Lifecycle Management
      • Discover Certificates
      • emSign CERTInext Bot
    • Key Lifecycle Management
      • Manage Keys
      • Key Profiles
      • Key Store
  • Certificate Approval Process
    • Domain Validation (DV) Process
    • Organization Validation (OV) Process
    • Extended Validation (EV) Process
    • User Certificates Process
    • SMIME Certificate Process
    • Qualified Sources
  • Certificate Installation
    • Before you install
    • Browser Compatibility
    • emSign's Security Seal
    • Installing SSL Certificate on IIS
    • Installing SSL Certificate on cPanel
    • Installing SSL Certificate on Amazon Web Services (AWS)
    • Installing SSL Certificate on Apache
    • Installing SSL Certificate on Plesk 12
    • Installing SSL Certificate on NGINX
    • Installing SSL Certificate on Google App Engine
    • Installing SSL Certificate on WHM
    • Installing SSL Certificate on Ubuntu
    • Installing SSL Certificate on Tomcat
    • Installing SSL Certificate on Heroku
    • Installing SSL Certificate on Bigcommerce
    • Installing Root & Intermediate Certificates for Intranet SSL
    • Supported Devices for auto-provisioning of certificates
    • SSL/TLS Server Rating Guide
  • Release Notes
    • Introduction
    • R1522 (31-Dec-2024)
    • R1490 (29-Nov-2024)
    • R1460 (30-Oct-2024)
    • R1427 (27-Sep-2024)
    • R1371 (02-Aug-2024)
    • R1354 (16-Jul-2024)
    • R1300 (23-May-2024)
    • R1251 (04-Apr-2024)
    • R1230 (14-Mar-2024)
    • R1196 (09-Feb-2024)
    • R1167 (11-Jan-2024)
    • R1152 (27-Dec-2023)
    • R1139 (14-Dec-2023)
    • R1124 (29-Nov-2023)
    • R1115 (20-Nov-2023)
    • R1101 (06-Nov-2023)
    • R1075 (11-Oct-2023)
    • R1062 (28-Sep-2023)
    • R1046 (12-Sep-2023)
    • R1039 (05-Sep-2023)
    • R1031 (28-Aug-2023)
    • R1024 (21-Aug-2023)
    • R1001 (29-Jul-2023)
Powered by GitBook

© eMudhra. All Rights Reserved.

On this page
  • Domain Control Validation(DCV)
  • CAA Verification

Was this helpful?

Export as PDF
  1. Certificate Approval Process

Domain Validation (DV) Process

PreviousKey StoreNextOrganization Validation (OV) Process

Last updated 2 months ago

Was this helpful?

emSign SSL DV Validation Process is simple & fully automated.

  • Validation Process: Validation of domain ownership to prove control over the domain.

  • Issuance Time: Shorter issuance time. Issuance in minutes.

Process Involved:

  1. Domain Control Validation (DCV): Domain Control Validation can be done online and it's an customer friendly automated process.

  2. Certificate Signing Request (CSR): As part of SSL DV process, CSR has to be submitted to emSign.

Domain Control Validation(DCV)

DNS TXT Record

  • Log in to your DNS provider and create a new TXT record with the provided host and value. To complete your domain verification, verify your DNS TXT record.

Step-by-Step Guide

Step 1: Log in to your DNS provider's site

  1. Access your DNS provider's website and log in with your credentials.

  2. Find the section where you can manage DNS settings for your domain. This is usually under "DNS Management," "Domain Management," or similar.

Step 2: Create a new TXT record

  1. Locate the option to add a new TXT record. This might be under "Add Record," "Create Record," or similar.

Step 3: Copy the ‘Value’ from emSign system

  1. Open the emSign order tracking link.

  2. Select DCV Method as ‘DNS TXT Record’.

  3. Copy the ‘Value'.

Step 4: Paste the copied Value into a new TXT record in the TXT Value field

  1. In your DNS provider's interface, paste the copied value into the TXT Value field.

Step 5: Host field: Base Domain (e.g., example.com)

  1. Enter the base domain for the Host field. For example, if your domain is example.com, enter example.com. If the TXT record is for a subdomain, enter the subdomain (e.g., sub.example.com).

NOTE: Leave this field blank or enter ‘@’ to signify that the TXT record is for the root of the domain.

Step 6: Select a Time-to-Live (TTL) value

  1. Choose a TTL value. A common default is 3600 seconds (1 hour).

Step 7: Save the TXT record

  1. Save the changes. The exact button might say "Save," "Add Record," or similar.

Step 8: Go to the emSign Platform & click ‘Verify Now’

  1. Open the emSign order tracking link.

  2. Click the ‘Verify Now’ button to complete the verification process.

Constructed Email

  • Confirming the Organization's control over the FQDN by sending an random value via email which will be valid for 24 hours.

  • Subscribers can resend the domain verification link from the track order page if the link expires.

Email to DNS CAA Contact

  • Login to your DNS provider. Create DNS CAA Record and provide your domain's email address as part of 'contactemail' property tag.

  • NOTE: The entire parameter value must be a valid email address as defined in RFC 6532, with no additional padding or structure, or it cannot be used.

  • Save the DNS CAA Record.

Email to DNS TXT Contact

  • Login to your DNS provider. Create the DNS TXT Record and provide your domain's email address on the following subdomain of your domain.

  • NOTE: The entire parameter value must be a valid email address as defined in RFC 6532, with no additional padding or structure, or it cannot be used.

HTTP/HTTPS File-based

  • File-based (HTTP / HTTPs URL) DCV method can only be used to prove the domain ownership over fully qualified domain names (FQDNs), exactly as named. In case you wish to have it work for both www and without www, we recommend you to use alternate DCV methods.

CAA Verification

What is CAA?

CAA is a control to restrict which CAs can issue certificates for a particular domain name for issuing the certificate. By configuring the DNS CAA record, domain owners can specify which Certification Authorities are authorized to issue certificates to that domain name. You can use CAA to reduce your exposure to vulnerabilities in certificate authority validation systems and to enforce certificate procurement policies.

To use CAA, you publish a set of CAA records in your domain's DNS that list the CAs that you authorize to issue certificates. Before issuing a certificate, the CA checks your CAA records and blocks the request if they are not listed.

What is a CAA record?

A Certification Authority Authorization (CAA) record is a standard that lets you specify which certificate authorities (CAs) are allowed to issue certificates for your domain. The purpose of the CAA record is to allow domain owners to authorize which certificate authorities are allowed to issue a certificate for a domain.

Before issuing a certificate, the CA checks your CAA records and blocks the request if they are not listed. If no CAA record is present, any CA is allowed to issue a certificate for the domain.

  1. CAA records can set policy for the entire domain, or for specific HostNames.

  2. CAA records are also inherited by sub-domains.

  3. CAA records can regulate the issuance of single-name certificates, wildcard certificates, or both.