Skip to main content

HTTP 실제 증명 유효성 검사 방법을 사용하여 도메인 제어 확인

HTTP 실제 데모로 TLS/SSL 인증서 주문의 도메인에 대한 제어를 증명

Use these instructions to demonstrate control over a domain by hosting a file containing a DigiCert-generated random value (provided for the domain in your CertCentral account) at a predetermined location on your website: http://{domain-name}/.well-known/pki-validation/fileauth.txt. For more information, see Demonstrate control over domains on a pending TLS certificate order.

After you've created the file and placed it on your site, DigiCert visits the specified URL to confirm the presence of our random value. Make sure to avoid the 일반적 실수: HTTP 실제 증명 DCV 방법.

Before you begin

Items to note about using the HTTP Practical Demonstration DCV method

  • Validate fully qualified domain names (FQDNs) only

    Only use the HTTP Practical Demonstration DCV methods to demonstrate control over FQDNs exactly as named. To learn more, visit Domain Validation Policy Changes.

    Use one of the other supported DCV methods, such as email, DNS TXT, and CNAME, to:

    • Validate wildcard domains (*.example.com)

    • Include subdomains in the validation when validating a higher-level domain.

      For example, if you want to cover www.example.com, mail.example.com, and one.example.com when validating the higher-level domain example.com.

  • Validate IPv4 and IPv6 addresses

    Per industry regulations, you must use the HTTP Practical Demonstration DCV method to demonstrate control over IPv4 and IPv6 addresses.

Validate domains before ordering certificates

Validating domains during the order process means certificates will not be issued until domain validation is complete. For faster certificate issuance, validate domains before adding them to your OV and EV TLS certificate orders.

To learn more about this domain validation process, see Supported DCV methods for validating domains in your CertCentral account.

단계 1: 보류 중 주문의 상태를 확인

SSL/TLS 인증서의 주문 세부 정보 페이지로 이동하여 인증서를 발급하기 전에 완료해야 하는 도메인 및 조직 유효성 검사를 확인합니다.

  1. CertCentral 계정에서 주문의 주문 번호 세부 정보 페이지로 갑니다.

    1. In the left main menu, go to Certificates > Orders.

    2. On the Orders page, in the Order # column, locate and select the TLS certificate's order number link.

    3. For CertCentral Subscription accounts, the steps to access the Order # detail page are different.

      1. In the left menu, go to My Digital Trust Products > Certificates.

      2. On the Certificates page, in the Order # column, select the TLS certificate's order number link.

  2. On the certificate’s Order # details page, in the Certificate status section, check the order's issuance status to see if the order is waiting on domain or organization validation to be completed.

    After validation is completed, the Certificate status section no longer appears on the page.

  3. Under What do you need to do, select the domain's link you want to validate.

  4. In the Prove control over domain window, in the Domain control validation (DCV) method menu, select HTTP Practical Demonstration and then select Save.

  5. Create a .txt file and add the DigiCert-provided random value.

    1. Open a text editor (such as , Notepad).

    2. In the Order token box, copy your token and paste the random value in text editor.

      The random value expires after 30 days.

    3. Save the .txt file under this name: fileauth.txt.

  6. Create the .well-known/pki-validation/ directory on your site.

    For Windows-based servers, the .well-known folder must be created via command line (mkdir .well-known).

  7. Place the fileauth.txt file on your site under .well-known/pki-validation.

    The URL should look something like this:

    http://[yourdomain]/.well-known/pki-validation/fileauth.txt

  8. Complete domain validation

    1. In CertCentral, go to the certificate's Order # details page.

      1. In the left main menu, go to Certificates > Orders.

      2. On the Orders page, in the Order # column, select the TLS certificate's order number link.

      For CertCentral Subscription accounts:

      1. In the left main menu, go to My Digital Trust Products > Certificates.

      2. On the Certificates page, in the Order # column, select the TLS certificate's order number link.

    2. On the Order # details page, in the Certificate status section, under What do you need to do, select the domain link.

    3. In the Prove control over domain window, under 4. Complete domain validation, select Check site.

이 섹션의 내용: