Site: US UK AU |

What is domain control validation (DCV)?

What is domain control validation (DCV)?

This article identifies the three methods Nexcess clients can use to send DCVs to Comodo as part of the procedure for registering SSL certificates. 


A domain control validation, or DCV, is used by the CA before issuing an SSL certificate to verify the person making the request is in fact authorized to use the domain related to that request. Nexcess uses Comodo as their CA exclusively.


After submitting your CSR, you must choose one of the three methods provided by Comodo. Only the domain owner or someone authorized by that domain owner may validate with Comodo. Three methods are by email, by DNS record, and by file authorization.


The email method is the traditional means of validating ownership of your domain with DCV. Comodo will send an email to the administrative contact for the domain. This email will provide a unique validation code and a link; click the link and enter the code to validate.

 For security reasons, Comodo can only send the DCV email to five different types of email addresses:

  • admin@
  • administrator@
  • postmaster@
  • webmaster@
  • hostmaster@

 All of these options end with the domain used to create the CSR. If your domain does not have an email address corresponding to one of these types, then you must either create one for the DCV or provide a valid email address listed in your whois data. However, domains with private registration will have an invalid email address and must instead use one of the options listed above.

DNS record

The CSR you submit to Comodo will be hashed and these hash values will be provided to you. To validate, you must enter these hash values as a DNS CNAME record for your domain according to the following format, where is the FQDN contained in your certificate:

<Value of MD5 hash of CSR> <value of SHA1 hash of CSR>


Also called an HTTP-based DCV, this method also requires you to use the hash values provided to you by Comodo. To validate, create a plaint-text file and place the file in the root of your web server. Only web servers served over HTTP may use this method, and the content must read as follows, where is your FQDN as contained in your certificate:>Upper case value of MD5 hash of CSR>.txt

Additional information

For more information regarding Comodo and its role as a CA, visit their website.

For 24-hour assistance any day of the year, contact our Support Team by email or through the Client Portal.

Article Rating (1 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
What is whois?
Added on Mon, Feb 16, 2015
How to verify DNS propagation
Added on Tue, Jul 30, 2013
How to choose between and for your CSR
Added on Mon, Feb 5, 2018
How to create a subdomain with SiteWorx
Added on Mon, Aug 5, 2013
How to configure custom nameservers
Added on Tue, Aug 6, 2013
How to install and launch MTR
Added on Tue, Oct 8, 2013
How to manage disk space
Added on Fri, Aug 15, 2014
What is the Comodo UserTrust Subscriber Agreement?
Added on Mon, Dec 8, 2014
What is a development server?
Added on Mon, Feb 16, 2015
How to point your domain name to Nexcess nameservers
Added on Thu, Mar 29, 2018