Australia's Leading Computer Emergency Response Team

Domain approval and domain control validation
Date: 19 September 2011
Original URL: http://www.auscert.org.au/render.html?cid=11262&it=14860

Domain approval and Domain Control Validation (DCV)

Domain approval

Before a participant organisation may issue certificates from the CSM, it must add registered, fully qualified domain name (FQDN) or internal domain entries to the management interface, for approval by AusCERT. For non-internal domains, AusCERT must verify that each FQDN belongs to the organisation before approving the addition of the domain in the CSM. This applies for all (SSL, code signing and S/MIME) certificate types.

This process does not apply to non-FQDNs that are for internal hosting purposes only. For more information about certificate requirements for non-FQDNs, refer to the FAQ.

Process for submitting a domain registered to your organisation for verification:

  1. The RAO uses the Certificate Service Manager (CSM) to associate one or more domain(s) for their organisation.

  2. AusCERT conducts a validation process that includes a WHOIS check to verify that the domain is registered to the Participant Organisation: AusCERT procedure for domain approval.

  3. If the validation is successful, AusCERT approves the domain addition.

  4. The domain (and its sub-domains), is available for management within the CSM.

  5. Certificates ordered from within the CSM are subject to further domain control validation (DCV) by Comodo.

Domain Control Validation (DCV)

Changes to CAB Forum standards mean that Comodo will perform domain control validation (DCV) to verify domain ownership by POs.

Extended Validation SSL (EVSSL) certificates

EVSSL certificates have additional ("extended") validation steps, beyond those conducted by AusCERT for domain addition. POs can obtain EV SSL certificates for single and multiple domains, at extra cost, through the Certificate Service Manager. Contact AusCERT CS to enable this to occur. For further details about how to acquire an EVSSL Certificate through Comodo, see the FAQ.

Delays in issuing certificates

The turn-around time for domain approvals is affected by the current AusCERT CS workload, as well as by Comodo DCV requirements. AusCERT will always endeavour to approve domains as quickly as possible, however it can take up to two business days to obtain a certificate. If there are delays, send an email to AusCERT CS.