20210205 - A new option for the validation of the DCV challenge
At the end of 2018, the CA/B Forum met and voted on a new option for the validation of the DCV challenge.
As a reminder, the DCV challenge, which is mandatory to obtain a server SSL certificate, allows the certification authority to ensure that the certificate applicant has the rights to manage the domain.
There are several validation methods: by e-mail, by file to be placed on the site or via a DNS configuration.
A new option available
The SC13 vote includes a new option for the DCV challenge by email. Until now the list of email addresses available to send the challenge was limited to generic (pre-defined) addresses and the addresses present in the WHOIS.
It is now possible to enter an e-mail address directly in the DNS configuration with a TXT record. The entry should be in the following form:
- Subdomain : _validation-contactemail
- Value : email@example.com
t will then be possible to select this address to send the challenge.
For which products?
For now, only GlobalSign and DigiCert authorities are ready. Sectigo plans to enable this option but has not yet provided a date.