Demonstrate control over your domain with a DNS CNAME Record

Follow these instructions to add and authorize a domain for SSL/TLS certificates. Then, use the DNS CNAME Record DCV method to demonstrate control over the domain in your CertCentral account.

Note: When domain validation can't be done ahead of time, see Domain Validation (Pending Order): Use the DNS CNAME Record DCV Method.

This validation method allows you to demonstrate control over your domain by creating a DNS CNAME record containing a randomly generated token. The CNAME record is used to point token.domain to DigiCert (

For information about other supported DCV methods in CertCentral, see Domain Pre-Validation: Domain Control Validation (DCV) Methods.

Step I: Add and Authorize a Domain for SSL/TLS Certificates

  1. In your CertCentral account, in the sidebar menu, click Certificates > Domains.

    CertCentral Domains

  2. On the Domains page, click New Domain.

    CertCentral Domains

  3. On the New Domain page, under Domain Details, enter the following domain information:

    1. *Domain Name

      In the box, enter the domain name for which the certificates will be requested (e.g.,

    2. *Organization

      In the drop-down list, select the organization to which the domain is assigned.

    CertCentral Domains

  4. Under Validate This Domain For, check the validation types for which you want the domain validated:

    • OV – Normal Organization Validation

    • EV – Extended Organization Validation (EV)*

    Validation Note: Before you can submit a domain for OV and/or EV validation, you must first submit its organization for OV and/or EV validation.

    *In the EV Verified User drop-down list, select an account user that you want to designate as an EV Certificate requests approver.

    Only an EV Verified User can approve Extended Validation (EV) Certificate requests. Note that only users with a job title and valid telephone number appear in the drop-down list.

    Note: The EV Verified User drop-down list box only appears if you checked EV - Extended Organization Validation (EV), and the organization that you selected earlier (step 3) has not been pre-authorized for EV-Extended Organization Validation (EV).

    CertCentral Domains

  5. Under *Domain Control Validation (DCV) Method, select DNS CNAME Record.

    Note: The default DCV method is Verification Email.

    CertCentral Domains

  6. Click Submit for Validation.

Step II: Use DNS CNAME Record to Demonstrate Control Over the Domain

  1. Create the DNS CNAME Record:

    1. Under User Actions, in the Your unique verification token box, copy your verification token.

      To copy the value to your clipboard, single click in the text field.

      Note: The unique verification token expires after thirty days. To generate a new token, click the Generate New Token link.

    2. Go to your DNS provider's site and create a new CNAME record.

    3. In the hostname field (or equivalent), paste the verification token that you copied from your DigiCert account.

    4. In the record type field (or equivalent), select CNAME.

    5. In the target host field (or equivalent), enter (this points the CNAME record to

    6. Select a Time-to-Live (TTL) value or use your DNS provider's default value.

    7. Save the record.

    CertCentral Domains

  2. Verify the DNS CNAME Record:

    1. In your CertCentral account, in the sidebar menu, click Certificates > Domains.

    2. On the Domains page, click the "Domain Name" link (e.g.,

    3. On the "Domain Name" page (e.g.,, at the bottom of the page, click Check CNAME.

      You have successfully verified the CNAME.