Domain Validation (DV) Process
© eMudhra. All Rights Reserved.
emSign SSL DV Validation Process is simple & fully automated.
Validation Process: Validation of domain ownership to prove control over the domain.
Issuance Time: Shorter issuance time. Issuance in minutes.
Process Involved:
Domain Control Validation (DCV): Domain Control Validation can be done online through a customer-friendly automated process.
Certificate Signing Request (CSR): As part of SSL DV process, CSR has to be submitted to emSign.
DNS TXT Record
Log in to your DNS provider and create a new TXT record with the provided host and value. To complete your domain verification, verify your DNS TXT record.
Step-by-Step Guide
Step 1: Log in to your DNS provider's site
Access your DNS provider's website and log in with your credentials.
Find the section where you can manage DNS settings for your domain. This is usually under "DNS Management," "Domain Management," or similar.
Step 2: Create a new TXT record
Locate the option to add a new TXT record. This might be under "Add Record," "Create Record," or similar.
Step 3: Copy the ‘Value’ from the emSign system
Open the emSign order tracking link.
Select DCV Method as ‘DNS TXT Record’.
Copy the ‘Value’.
Step 4: Paste the copied Value into a new TXT record in the TXT Value field
In your DNS provider's interface, paste the copied value into the TXT Value field.
Step 5: Host field: Base Domain (e.g., example.com)
Enter the base domain for the Host field. For example, if your domain is example.com, enter example.com. If the TXT record is for a subdomain, enter the subdomain (e.g., sub.example.com).
NOTE: Leave this field blank or enter ‘@’ to signify that the TXT record is for the root of the domain.
Step 6: Select a Time-to-Live (TTL) value
Choose a TTL value. A common default is 3600 seconds (1 hour).
Step 7: Save the TXT record
Save the changes. The exact button might say "Save," "Add Record," or similar.
Step 8: Go to the emSign Platform & click ‘Verify Now’
Open the emSign order tracking link.
Click the ‘Verify Now’ button to complete the verification process.
Constructed Email
The Organization's control over the FQDN is confirmed by sending a random value via email. The value is valid for 24 hours.
Subscribers can resend the domain verification link from the track order page if the link expires.
Email to DNS CAA Contact
Log in to your DNS provider. Create a DNS CAA record and provide your domain's email address in the 'contactemail' property tag.
NOTE: The entire parameter value must be a valid email address as defined in RFC 6532, with no additional padding or structure, or it cannot be used.
Save the DNS CAA Record.
Email to DNS TXT Contact
Log in to your DNS provider. Create the DNS TXT record and provide your domain's email address on the following subdomain of your domain.
NOTE: The entire parameter value must be a valid email address as defined in RFC 6532, with no additional padding or structure, or it cannot be used.
HTTP/HTTPS File-based
The file-based (HTTP/HTTPS URL) DCV method can only be used to prove domain ownership of fully qualified domain names (FQDNs), exactly as named. If you need validation to cover the domain both with and without www, we recommend using an alternate DCV method.
What is CAA?
CAA is a control that restricts which CAs can issue certificates for a particular domain name. By configuring the DNS CAA record, domain owners can specify which Certification Authorities are authorized to issue certificates to that domain name. You can use CAA to reduce your exposure to vulnerabilities in certificate authority validation systems and to enforce certificate procurement policies.
To use CAA, you publish a set of CAA records in your domain's DNS that list the CAs that you authorize to issue certificates. Before issuing a certificate, the CA checks your CAA records and blocks the request if it is not listed.
What is a CAA record?
A Certification Authority Authorization (CAA) record is a standard DNS record that lets domain owners specify which certificate authorities (CAs) are allowed to issue certificates for their domain.
Before issuing a certificate, the CA checks your CAA records and blocks the request if it is not listed. If no CAA record is present, any CA is allowed to issue a certificate for the domain.
CAA records can set policy for the entire domain, or for specific hostnames.
CAA records are also inherited by subdomains.
CAA records can regulate the issuance of single-name certificates, wildcard certificates, or both.
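The CAA check described above, as an added example that is not emSign's own code: a small Python evaluator that follows the RFC 8659 lookup rules (inheritance by subdomains, `issue` versus `issuewild`, no record meaning no restriction) over constructed zone data. The CA identifiers `ca.example` and `other-ca.example`, the domain names and the function names are all assumptions made for illustration.

```python
# Constructed sample zone data: name -> list of (flags, tag, value) CAA records.
ZONE = {
    "example.com": [(0, "issue", "ca.example"), (0, "issuewild", ";")],
    "shop.example.com": [(0, "issue", "other-ca.example")],
    "example.org": [(0, "contactemail", "hostmaster@example.org")],
}
# Property tags this checker understands (used for the critical-flag rule).
KNOWN = {"issue", "issuewild", "iodef", "contactemail", "contactphone"}


def relevant_rrset(name, zone):
    """Climb from name toward the root; return the first non-empty CAA set."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        records = zone.get(".".join(labels[i:]))
        if records:
            return records
    return []


def issuer_of(value):
    """Issuer domain name from a property value, dropping any ';' parameters."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(ca, name, zone=ZONE):
    """True if CAA permits the CA identified by `ca` to issue for `name`."""
    wildcard = name.startswith("*.")
    records = relevant_rrset(name[2:] if wildcard else name, zone)
    # A critical flag (128) on a tag the CA does not understand blocks issuance.
    if any(f & 128 and t.lower() not in KNOWN for f, t, _ in records):
        return False
    issue = [issuer_of(v) for _, t, v in records if t.lower() == "issue"]
    wild = [issuer_of(v) for _, t, v in records if t.lower() == "issuewild"]
    # issuewild, when present, replaces issue for wildcard names only.
    allowed = wild if (wildcard and wild) else issue
    if not allowed:
        return True  # no restricting property found: any CA may issue
    return ca.lower() in allowed  # a bare ';' yields "", which matches no CA


if __name__ == "__main__":
    for ca, name in [("ca.example", "www.example.com"),
                     ("ca.example", "shop.example.com"),
                     ("ca.example", "*.example.com")]:
        print(f"{ca} -> {name}: {may_issue(ca, name)}")
```

Note that a record set published on a subdomain replaces the parent's policy for that subtree, rather than adding to it.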