

Certigna: What is the DCV challenge?

The DCV challenge (DCV stands for Domain Control Validation) is a procedure that lets us know that the person requesting a certificate is duly authorized to do so by the domain's technical manager. It is an additional vetting step.

The different kinds of DCV challenge

You can choose among several kinds of DCV challenge when placing your certificate orders:

The DCV E-mail

It is quite simple: an e-mail is sent to one of the following generic addresses:

  • admin@dom.ain
  • administrator@dom.ain
  • hostmaster@dom.ain
  • webmaster@dom.ain
  • postmaster@dom.ain

The list of e-mail addresses depends on the requested FQDN (the Internet address to be secured, provided in the CSR) on the order form.

You can also modify the address and request the e-mail to be sent again via your certificate status page.

How to get prepared?

To pass this control, you will have to be the recipient of the DCV e-mail.

You are invited to check right now that you'll actually be able to receive e-mails on one of the generic addresses above. Run some tests by sending e-mails to those addresses.
Make sure as well that your anti-spam system won't hold e-mails from: dcv@certigna.fr

If you are not the recipient of any of those addresses, ask the people who receive them to forward the DCV e-mails to you.

However, we advise creating an e-mail address that does not exist yet (administrator@dom.ain?) and that points directly to you. You'll save a lot of time and won't have to wait for someone to forward you the e-mail.

If you are a supplier requesting a certificate for one of your customers, you'll have to pass the information on. If you manage their domain names as well, make sure there is a redirection from the generic address to your customer's e-mail address.

When is this e-mail sent?

The DCV e-mail is sent when your order is transferred to the certification authority. It is valid for 30 days.
From your certificate status page you can follow the audit progress and have the e-mail re-sent to the selected address.

The DCV HTTP / HTTPS

Note: Since December 1st, 2021, following a CA/B Forum decision, the HTTP or HTTPS DCV method can no longer be used for wildcard certificates. Only the e-mail or DNS methods will be offered to you.

How does it work?

When your order is transferred to the certification authority, a file is created from your CSR. Place this file in the .well-known/pki-validation/ sub-directory of your website (the file must be reachable from the Internet over HTTP or HTTPS). A robot will check the presence and the content of this file. If everything is consistent with the information provided, the challenge is validated.

Please note: if you want a certificate to secure subdom.domain.com, the robot will look for the file in the .well-known/pki-validation/ sub-directory of subdom.domain.com. For a multi-site certificate securing several sub-domains, one file will have to be placed in the .well-known/pki-validation/ sub-directory of each sub-domain.

If you are using a Windows Server, creating the .well-known directory can be difficult, which is why we have published documentation for this step.

This file has a name unique to your request, e.g. 3fe988e5-6d49-4fe0-a4b2-8eb0120c2e89.txt. It must not be renamed and its contents must not be altered.
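A pre-flight check for the HTTP challenge, as an added example that is not Certigna's or TBS's own tooling: it builds the URL the robot will request for every name on a multi-site order, refuses wildcard names, and compares what each host serves byte for byte with the unmodified file. The function names, the sample file content and the hosts other than subdom.domain.com are assumptions made for the illustration.

```python
import urllib.request

WELL_KNOWN_DIR = "/.well-known/pki-validation/"
BOM = b"\xef\xbb\xbf"  # UTF-8 byte order mark some editors prepend on save

def dcv_urls(fqdns, filename, scheme="http"):
    """One URL per name on the certificate; wildcards cannot use this method."""
    urls = {}
    for fqdn in fqdns:
        name = fqdn.strip().rstrip(".").lower()
        if name.startswith("*."):
            raise ValueError(f"{fqdn}: use the e-mail or DNS challenge for wildcards")
        urls[name] = f"{scheme}://{name}{WELL_KNOWN_DIR}{filename}"
    return urls

def http_fetch(url, timeout=10):
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.status, resp.read()

def preflight(fqdns, filename, expected, fetch=http_fetch):
    """Compare what each host serves with the unmodified file from the CA."""
    report = {}
    for name, url in dcv_urls(fqdns, filename).items():
        try:
            status, body = fetch(url)
        except OSError as exc:  # URLError, HTTPError and timeouts derive from OSError
            report[name] = f"unreachable: {exc}"
            continue
        if status != 200:
            report[name] = f"HTTP {status}"
        elif body == expected:
            report[name] = "ok"
        elif body.startswith(BOM) and body[len(BOM):] == expected:
            report[name] = "altered: UTF-8 BOM added"
        else:
            report[name] = "altered: content differs"
    return report

# Constructed sample: file name from the page, content and served copies made up.
FILE = "3fe988e5-6d49-4fe0-a4b2-8eb0120c2e89.txt"
CONTENT = b"constructed-token-line-1\nconstructed-token-line-2\n"
SERVED = {
    f"http://subdom.domain.com{WELL_KNOWN_DIR}{FILE}": (200, CONTENT),
    f"http://www.domain.com{WELL_KNOWN_DIR}{FILE}": (200, BOM + CONTENT),
}

if __name__ == "__main__":
    hosts = ["subdom.domain.com", "www.domain.com", "shop.domain.com"]
    print(preflight(hosts, FILE, CONTENT, lambda u: SERVED.get(u, (404, b""))))
```

Called without the `fetch` argument, `preflight` performs real HTTP requests against the listed hosts.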

IP addresses of Certigna servers

Need to configure authorizations for the HTTP file access? Here are the IP addresses of Certigna servers:

  • 46.29.127.179
  • 109.197.245.9

The DCV DNS - The specialist's solution

This is a technical operation that consists of adding a TXT entry to your server's DNS configuration.

How does it work?

When your order is transferred to the certification authority, unique and secret values will be provided to you. The CNAME entry will have the form:

_<unique identifier>.domain.com CNAME <secret value>.certigna.com

For example:

_7b603cfe-c16e-4d9c-9e0a-2ceef572ec9f.domain.com CNAME pzvfdgwx5ekk5xwv1dec.certigna.com

These values are valid for 30 days. If you haven't had time to set up these values on your DNS server, you will have to regenerate new values. To do this, go to the order status page and click on the "Follow DCV challenge" button. Change the challenge type to "File" then confirm. Finally choose the type "DNS" and confirm again. From there, new values will be available, also valid for 30 days.

Warning: If you chose a hosting company such as OVH or GANDI, the configuration will not be taken into account instantaneously. It takes from 10 minutes to an hour for the modification to be effective (not to mention the propagation time defined in your DNS configuration: TTL).
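A check of the published record against the CNAME line shown above, as an added example that is not Certigna's or TBS's own tooling. It assumes the `dig` utility is installed for the real lookup; the `zone` parameter and all function names are this example's own. Besides a plain match, it distinguishes a wrong target from the common case where a DNS panel appended the zone to a full name typed in the host field.

```python
import subprocess

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_record(line):
    """Split the '<owner> CNAME <target>' line shown for the order."""
    parts = line.split()
    if len(parts) != 3 or parts[1].upper() != "CNAME":
        raise ValueError(f"not a CNAME record line: {line!r}")
    return norm(parts[0]), norm(parts[2])

def dig_cname(name):
    """Real lookup; assumes the dig utility is installed."""
    out = subprocess.run(["dig", "+short", "CNAME", name],
                         capture_output=True, text=True, timeout=15).stdout
    # Lines starting with ';' are dig diagnostics (e.g. timeouts), not answers.
    return [l for l in out.splitlines() if l.strip() and not l.startswith(";")]

def check_dcv_cname(line, zone, lookup=dig_cname):
    owner, target = parse_record(line)
    zone = norm(zone)
    if not owner.endswith("." + zone):
        raise ValueError(f"{owner} is not inside zone {zone}")
    answers = [norm(a) for a in lookup(owner)]
    if target in answers:
        return "ok"
    if answers:
        return f"wrong target: {answers[0]}"
    # DNS panels often append the zone to the host field, so a full name
    # typed there is published as <owner>.<zone>.
    doubled = f"{owner}.{zone}"
    if target in [norm(a) for a in lookup(doubled)]:
        return f"published as {doubled}: enter the host part without the zone"
    return "not visible yet"

# Record line from the page's example; the zone contents below are constructed.
RECORD = ("_7b603cfe-c16e-4d9c-9e0a-2ceef572ec9f.domain.com CNAME "
          "pzvfdgwx5ekk5xwv1dec.certigna.com")
OWNER, TARGET = parse_record(RECORD)

if __name__ == "__main__":
    doubled_zone = {f"{OWNER}.domain.com": [TARGET + "."]}
    print(check_dcv_cname(RECORD, "domain.com", lambda n: doubled_zone.get(n, [])))
```

A "not visible yet" result shortly after a change is expected while the hosting company applies it and the TTL runs out.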

Specific procedures

How to relaunch the DCV challenge?

Whatever type of DCV challenge you selected, it can always be relaunched (either by asking for the e-mail to be sent again or for the robot to check the .txt file or the DNS configuration again).

To do so, go to your certificate status page and click on the 'Follow up on DCV challenge' button.

Which products are concerned?

All Certigna server products, and server client certificates when they secure a host with a CN using the format server1.domain.com, at order, renewal, and reissue.