Site: US UK AU |

What is domain control validation (DCV)?

What is domain control validation (DCV)?

This article identifies the three methods Nexcess clients can use to send DCVs to Comodo as part of the procedure for registering SSL certificates. 


A domain control validation, or DCV, is used by the CA before issuing an SSL certificate to verify the person making the request is in fact authorized to use the domain related to that request. Nexcess uses Comodo as their CA exclusively.


After submitting your CSR, you must choose one of the three methods provided by Comodo. Only the domain owner or someone authorized by that domain owner may validate with Comodo. Three methods are by email, by DNS record, and by file authorization.


The email method is the traditional means of validating ownership of your domain with DCV. Comodo will send an email to the administrative contact for the domain. This email will provide a unique validation code and a link; click the link and enter the code to validate.

 For security reasons, Comodo can only send the DCV email to five different types of email addresses:

  • admin@
  • administrator@
  • postmaster@
  • webmaster@
  • hostmaster@

 All of these options end with the domain used to create the CSR. If your domain does not have an email address corresponding to one of these types, then you must either create one for the DCV or provide a valid email address listed in your whois data. However, domains with private registration will have an invalid email address and must instead use one of the options listed above.

DNS record

The CSR you submit to Comodo will be hashed and these hash values will be provided to you. To validate, you must enter these hash values as a DNS CNAME record for your domain according to the following format, where is the FQDN contained in your certificate:

<Value of MD5 hash of CSR> <value of SHA1 hash of CSR>


Also called an HTTP-based DCV, this method also requires you to use the hash values provided to you by Comodo. To validate, create a plaint-text file and place the file in the root of your web server. Only web servers served over HTTP may use this method, and the content must read as follows, where is your FQDN as contained in your certificate:>Upper case value of MD5 hash of CSR>.txt

Additional information

For more information regarding Comodo and its role as a CA, visit their website.

For 24-hour assistance any day of the year, contact our Support Team by email or through the Client Portal.

Article Rating (1 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
How to create and edit DNS zones in the Client Portal
Added on Mon, May 7, 2018
Domain registration frequently asked questions
Added on Fri, Jan 31, 2014
What is whois?
Added on Mon, Feb 16, 2015
How to create secondary domains in Nexcess Cloud
Added on Fri, Jun 1, 2018
How to configure custom nameservers
Added on Tue, Aug 6, 2013
How to create a pointer domain with SiteWorx
Added on Tue, Aug 6, 2013
How to use TraceRoute
Added on Mon, Aug 5, 2013
How to point your domain name to Nexcess nameservers
Added on Thu, Mar 29, 2018
What is a DUNS number?
Added on Mon, Dec 8, 2014
How to install and launch MTR
Added on Tue, Oct 8, 2013