SSL Domain Validation using DNS Change

The Baseline Requirements of the CA/Browser Forum provide several methods to validate control of a requested domain for SSL/TLS certificates. 
 
If you request a domain to be used in SSL/TLS certificates issued by QuoVadis you are presented with several choices to validate control of the domain:
  • Agreed-Upon Change to Website: Post a file provided by QuoVadis on the specified host to demonstrate Domain control. Requires access to the web space root directory.
  • DNS Change: Create a DNS entry to demonstrate Domain control. Requires access to the DNS zone for the domain.
  • QuoVadis Assisted Validation: QuoVadis will assist you through alternate manual processes of validating control.

BR section 3.2.2.4.7 describes a process using a Random Value published in DNS records for the domain to demonstrate control. You will be provided a Random Value by QuoVadis in the following form:
QuoVadis=example0-0000-0000-0000-example0000
 
The Random Value should be posted in DNS for the domain as follows:
example.com.   IN  TXT  "QuoVadis=example0-0000-0000-0000-example0000"
 
Alternatively, you can prefix “_dnsauth” to the record if there is a conflict with an existing CNAME record as follows:
_dnsauth.example.com.   IN  TXT  "QuoVadis=example0-0000-0000-0000-example0000"
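
A pre-submission check for the records above, added here as an example (it is not QuoVadis code): it looks for the Random Value at the domain itself or at the _dnsauth name only, and flags a value that was pasted with curly quotes. The function names, the zone-file style input and the joining of split TXT strings are assumptions of this example.

```python
import re

SMART_QUOTES = "\u201c\u201d"  # curly quotes, often pasted from formatted text
TXT_LINE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?TXT\s+(.+)$", re.I)

def parse_txt_records(zone_text):
    """Return (owner, value) pairs for TXT lines in zone-file style text."""
    records = []
    for line in zone_text.splitlines():
        m = TXT_LINE.match(line.strip())
        if not m:
            continue
        owner = m.group(1).rstrip(".").lower()
        # TXT RDATA may be split into several quoted strings; join them
        # (assumption of this example).
        parts = re.findall(r'"((?:[^"\\]|\\.)*)"', m.group(2))
        value = "".join(parts) if parts else m.group(2).strip()
        records.append((owner, value))
    return records

def check_validation(zone_text, domain, random_value):
    """Return (status, owner); status is 'ok', 'smart-quotes' or 'missing'."""
    domain = domain.rstrip(".").lower()
    allowed = {domain, "_dnsauth." + domain}  # the two names the page describes
    near_miss = None
    for owner, value in parse_txt_records(zone_text):
        if owner not in allowed:
            continue  # the value on any other host name does not count
        if value == random_value:
            return ("ok", owner)
        if value.strip(SMART_QUOTES) == random_value:
            near_miss = ("smart-quotes", owner)  # curly quotes stored in the value
    return near_miss or ("missing", None)

# Constructed sample input using the placeholder value from the page.
TOKEN = "QuoVadis=example0-0000-0000-0000-example0000"
SAMPLE_ZONE = """\
example.com.           3600 IN TXT "v=spf1 -all"
_dnsauth.example.com.  300  IN TXT "QuoVadis=example0-0000-" "0000-0000-example0000"
"""

if __name__ == "__main__":
    print(check_validation(SAMPLE_ZONE, "example.com", TOKEN))
```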
 
The Random Value provided by QuoVadis is valid for 30 days, and validation must reoccur according to the applicable requirements of the certificate type (detailed in Section 4.2.1 of the Baseline Requirements or Section 11.14.3 of the EV Guidelines).
