CA VALIDATION OF DOMAIN NAMES HAS CHANGED

Server certificate validation has changed. The new validation methods are described below. The user chooses the preferred method on the “Request domains” page or in the single certificate order form. In each method an email is sent with instructions on the actions needed before the new domain is available for self-service certificate enrollment. After the actual validation there may be a one-hour delay before the domain is visible in the Telia certificate portal.

DNS method
The certificate applicant, or a DNS operator named by the applicant, receives a short string with instructions via email. The customer or DNS operator must add the string to a TXT record in DNS under the domain, using normal DNS maintenance processes. The Telia Certificate service polls for it regularly. When the string is available in DNS, the domain name is authorized for use in the Telia certificate portal. Please note:

  • It may take several hours before DNS gets updated
  • Do not place the string on your web server
  • Choose this method if your device is not accessible from the public Internet
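
Because DNS changes can take hours to propagate, it helps to confirm that every authoritative name server already returns the string before waiting for the CA's next poll. The script below is an added example, not Telia tooling; the zone, record name and token arguments are placeholders to be taken from the validation email, and it assumes `dig` is installed.

```shell
#!/bin/sh
# Added example: pre-check for the DNS validation method.
# Zone, record name and token are assumptions supplied by the caller.

# Read `dig +short TXT` output on stdin. Succeed only if one TXT record,
# with its quoted chunks joined, equals the expected token exactly.
txt_has_token() {
    token=$1
    while IFS= read -r line; do
        # dig prints each record as one or more "quoted" chunks; join them
        # and strip the outer quotes before comparing.
        value=$(printf '%s\n' "$line" |
            sed -e 's/" "//g' -e 's/^"//' -e 's/"$//')
        [ "$value" = "$token" ] && return 0
    done
    return 1
}

# Query each authoritative server of the zone directly, so a cached answer
# at a resolver cannot hide a server that has not picked up the change yet.
# Returns 0 if all servers serve the token, 1 if any does not,
# 2 if no name servers were found for the zone.
check_domain() {
    zone=$1 name=$2 token=$3 rc=0
    servers=$(dig +short NS "$zone")
    [ -n "$servers" ] || { echo "no NS records for $zone" >&2; return 2; }
    for ns in $servers; do
        if dig +short TXT "$name" "@$ns" | txt_has_token "$token"; then
            echo "ok      $ns"
        else
            echo "missing $ns"
            rc=1
        fi
    done
    return $rc
}

# Usage: ./check.sh <zone> <record-name> <token>
if [ "$#" -eq 3 ]; then
    check_domain "$@"
fi
```

The exact-match comparison is deliberate: a token pasted with extra characters, or appended to an existing TXT value, is reported as missing.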

File method
The certificate applicant, or a server operator named by the applicant, receives a small random file with instructions via email. The customer must add the file to a specific path on a server that is listening on HTTP port 80 and is set to serve the requested domain name. The Telia Certificate service polls the website regularly. When the file is available, the domain name is authorized for use in the Telia certificate portal.

Email method
The certificate applicant sends an email via the Telia Certificate service to the email addresses available in the WHOIS service and/or to the standard email addresses 'admin@', 'administrator@', 'webmaster@', 'hostmaster@', or 'postmaster@' followed by the domain name in question. Any one of the recipients has to click on the link in the message and authorize the domain for the applicant. After successful validation the domain name is available to the applicant in the Telia certificate portal. Before using this method, check that the mailboxes for the mentioned addresses exist and that you have access to them.

Phone method
In this validation method Telia is allowed to use only contact phone numbers that are shown in the domain register. The customer has to check that the WHOIS service (e.g. whois.net) includes a correct contact phone number for the domain, and that the person answering this number has the authority to say "yes" when Telia calls the number and asks whether the applicant is authorized to use the domain in server certificates. Note! Domain registrars have removed all telephone numbers from .com, .org and .net domains because of GDPR. Thus this method is not available for those domains.




Suitability of the methods
Some methods are better suited for validating a single DNS name such as webshop.company.com, and some are better suited for validating an entire network domain such as .company.com.

After validation of the entire domain it is possible to order certificates from Telia for all DNS names of the domain in question for a period of two without a need for further validations. Validation of entire domain is recommended, but it is not always possible due to missing WHOIS information or privacy policies of certain domain registries. In these cases file and DNS methods, which are independent of domain registry data, are the recommended methods.

The table below lists recommendations for the validation method use:

Validation method    A single DNS name    Entire domain
DNS                  Recommended          Recommended
File                 Recommended          Not recommended
Email                Not recommended      Recommended
Telephone            Not recommended      Recommended