What is domain control validation (DCV)?

What is domain control validation (DCV)?

This article identifies the three methods Nexcess clients can use to send DCVs to Comodo as part of the procedure for registering SSL certificates. 


A domain control validation, or DCV, is used by the CA before issuing an SSL certificate to verify the person making the request is in fact authorized to use the domain related to that request. Nexcess uses Comodo as their CA exclusively.


After submitting your CSR, you must choose one of the three methods provided by Comodo. Only the domain owner or someone authorized by that domain owner may validate with Comodo. Three methods are by email, by DNS record, and by file authorization.


The email method is the traditional means of validating ownership of your domain with DCV. Comodo will send an email to the administrative contact for the domain. This email will provide a unique validation code and a link; click the link and enter the code to validate.

 For security reasons, Comodo can only send the DCV email to five different types of email addresses:

  • admin@
  • administrator@
  • postmaster@
  • webmaster@
  • hostmaster@

 All of these options end with the domain used to create the CSR. If your domain does not have an email address corresponding to one of these types, then you must either create one for the DCV or provide a valid email address listed in your whois data. However, domains with private registration will have an invalid email address and must instead use one of the options listed above.

DNS record

The CSR you submit to Comodo will be hashed and these hash values will be provided to you. To validate, you must enter these hash values as a DNS CNAME record for your domain according to the following format, where example.com is the FQDN contained in your certificate:

<Value of MD5 hash of CSR>.example.com.CNAME <value of SHA1 hash of CSR>.comodoca.com.


Also called an HTTP-based DCV, this method also requires you to use the hash values provided to you by Comodo. To validate, create a plaint-text file and place the file in the root of your web server. Only web servers served over HTTP may use this method, and the content must read as follows, where example.com is your FQDN as contained in your certificate:

http://example.com/>Upper case value of MD5 hash of CSR>.txt

Additional information

For more information regarding Comodo and its role as a CA, visit their website.

For 24-hour assistance any day of the year, contact our Support Team by email or through the Client Portal.

Article Rating (1 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.