There are 3 options for the validation of a SSL Certificate.
Most orders will be validated via an email. Which emailaddresses can be used, can be found here
The other 2 validation options do not necessarily include the involvement of the endcustomer;
- DNS based validation requires a special CNAME record to exist. This CNAME record contains the MD5 hash value of your CSR in its name and the SHA1 hash value in its contents. Two examples (for a wildcard certificate, put the record on the root domain, e.g. use domain.com for a certification on *.domain.com):
<md5>.yourdomain.com. CNAME <sha1>.comodoca.com.
<md5>.sub.yourdomain.com. CNAME <sha1>.comodoca.com.
HTTP and HTTPS based validation require a special file to exist. The name of this file contains the (uppercase!) MD5 hash value of your CSR and the file contents contains the SHA1 hash value of your CSR plus comodoca.com. Two examples:
Note that validation will fail if redirection is in place.
The MD5 and SHA1 hash values for your certificate can be retrieved via the retrieveOrderSslCertRequest API command.
You can also generate the MD5 and SHA1 with the following OpenSSL commands:
- openssl req -in key.csr -outform DER|openssl md5
- openssl req -in key.csr -outform DER|openssl sha1
Any questions about these 2 validation methods? Please contact firstname.lastname@example.org