Alternative validation methods for SSL Certificates

There are 3 options for the validation of a SSL Certificate.
Most orders will be validated via an email. Which emailaddresses can be used, can be found here

The other 2 validation options do not necessarily include the involvement of the endcustomer;

  • DNS based validation requires a special CNAME record to exist. This CNAME record contains the MD5 hash value of your CSR in its name and the SHA1 hash value in its contents. Two examples (for a wildcard certificate, put the record on the root domain, e.g. use for a certification on *

    <md5> CNAME <sha1>
    <md5> CNAME <sha1>
  • HTTP and HTTPS based validation require a special file to exist. The name of this file contains the (uppercase!) MD5 hash value of your CSR and the file contents contains the SHA1 hash value of your CSR plus Two examples:

    http(s)://<uppercase MD5>.txt

    http(s)://<uppercase MD5>.txt

    Note that validation will fail if redirection is in place.

The MD5 and SHA1 hash values for your certificate can be retrieved via the retrieveOrderSslCertRequest API command.

You can also generate the MD5 and SHA1 with the following OpenSSL commands:

  • openssl req -in key.csr -outform DER|openssl md5
  • openssl req -in key.csr -outform DER|openssl sha1

Any questions about these 2 validation methods? Please contact


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Please sign in to leave a comment.