Site icon SSL.com

What is the “Unique Value” Used in Domain Validation (DV)?

The “unique value” in domain validation is a randomly generated string of characters used to prove domain ownership. It’s typically placed in a specific file on your web server or in a DNS record. Certificate Authorities (CAs) check for this value to confirm you control the domain before issuing an SSL/TLS certificate

What is Domain Validation (DV)?

Domain Validation is the most basic level of validation for SSL/TLS certificates. It verifies that the person requesting the certificate has control over the domain in question. This process is automated and typically faster and less expensive than other validation types.

The Role of the Unique Value

The unique value serves as a temporary, one-time proof of domain control. Here’s how it works:

  1. When you request a DV certificate, the CA generates a random, unique value.
  2. You’re instructed to place this value in a specific location associated with your domain.
  3. The CA checks for the presence of this value to confirm your control over the domain.
  4. Once verified, the CA issues your SSL/TLS certificate.

Common Methods for Using the Unique Value

There are several ways to use the unique value for domain validation:

  1. HTTP File Upload: Place a file containing the unique value on your web server.
  2. DNS TXT Record: Add the unique value as a TXT record in your domain’s DNS settings.
  3. Email Verification: Receive an email with the unique value at a standard administrative address for your domain.

Let’s explore each method in more detail:

1. HTTP File Upload

This method involves creating a file with a specific name containing the unique value and uploading it to a predetermined location on your web server.

Steps:

Example:

File: /.well-known/pki-validation/example.txt Content: f3k9d8s7h2l1m4n6p0q5r

For more info on this method see HTTP/HTTPS file lookup

2. DNS TXT Record

This method requires adding a TXT record to your domain’s DNS settings.

Steps:

Example:

Type: TXT Host: _acme-challenge Value: f3k9d8s7h2l1m4n6p0q5r

For more info on this method see DNS CNAME lookup.

3. Email Verification

This method involves receiving an email containing the unique value at a standard administrative email address for your domain.

Steps:

Example Email:

From: noreply@certificateauthority.com To: admin@yourdomain.com Subject: Domain Validation for SSL/TLS Certificate ? Please verify your domain ownership by clicking the link below or entering the following unique value on our verification page: ? Unique Value: f3k9d8s7h2l1m4n6p0q5r Verification Link: https://ca.com/verify?token=abc123

For more info on this method see Email Challenge Response.

What is the “unique value” used for?

The “unique value” (or “unique token”) referred to in SSL.com’s domain validation (DV) documentation is used for compliance with Section 3.2.2.4 (Validation of Domain Authorization or Control) of the CA/Browser Forum’s Baseline Requirements. These requirements stipulate that a “Request Token or Random Value” appear in a file stored in a particular directory of the website that is to be protected by an SSL/TLS certificate (normally /.well-known/pki-validation/), or as part of a DNS record for the domain name to be validated, serving to ensure the uniqueness of the request.

When performing domain validation in SSL.com’s online portal, a random value will made available to the user for this purpose, along with a pre-formatted text file and DNS record for use with the HTTP/HTTPS file lookup and DNS CNAME lookup methods. Please refer to SSL.com’s DV requirements documentation for full details of the available DV methods.

If you are using SSL.com’s SWS API to perform domain validation, you may specify a unique value via the optional unique_value parameter in your request. If you do not supply the unique value via the API, a random value will be automatically generated for you. For complete information, please refer to our API documentation.

Do I need to use a new unique value when I reprocess a certificate or order a certificate for a prevalidated domain name?

The unique value is required at the time that domain control is validated. Therefore, if you add a new domain name when reprocessing a multi-domain certificate and wish to use the DNS CNAME lookup or HTTP/HTTPS file lookup validation method, you will need to create a new CNAME or validation file, with a new unique value.

If you have prevalidated a domain name via the CNAME or File Lookup methods, a new DNS record or file with a new unique value is not required when ordering a certificate for it.

Why is the Unique Value Important?

The unique value plays a critical role in the security of the SSL/TLS ecosystem:

Best Practices for Handling the Unique Value

To ensure a smooth validation process:

Troubleshooting Common Issues

If you encounter problems during domain validation:

Conclusion

Understanding the unique value used in domain validation is crucial for anyone managing SSL/TLS certificates. By following the methods outlined in this article, you can easily prove your domain ownership and secure your website with HTTPS. Remember, the specific steps may vary slightly between Certificate Authorities, so always follow the instructions provided carefully.

For more information on SSL/TLS certificates and web security, visit SSL.com’s resource center or contact our support team for personalized assistance.

Exit mobile version