This article documents how to use the DNS CNAME Validation method to demonstrate control of your domain through DNS, and then automate the approval and issuance of publicly trusted SSL certificates for that domain.
When requesting an SSL certificate from your CA (Certification Authority) of choice, you should be able to view the status of your request and select an approval method. Approval methods may consist of the following.
- DNS CNAME validation
- HTTP validation
- Email validation
DNS CNAME Validation
The CNAME record creation in this example is based on the terminology used in AWS Route 53, but it should be generic enough to apply to other DNS providers.
- After selecting DNS CNAME Validation, copy the unique token provided.
- Create the CNAME record with the value in your public DNS for the appropriate hosted zone.
- In the record name, host name, or domain name field, enter the domain name you are requesting an SSL certificate for.
- In the record type field, select CNAME.
- In the target host or value field, enter the copied unique token.
- Use the default value for TTL. This can be changed if necessary.
- Use the default value for the Routing policy, which by default is Simple routing.
- Save the record.
- In your CA account, proceed with performing the CNAME validation to prove that you control your domain and have the SSL certificate approved and issued.
- After the certificate has been approved and issued, download and install the newly issued certificate.
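The record creation and a pre-validation check, as an added example that is not part of the original article: it builds the Route 53 change batch for the CNAME and confirms that a lookup returns exactly the token before you ask the CA to validate. The domain, token, lookup answers, and the TTL of 300 are constructed or assumed values.

```python
import json

def fqdn(name):
    """Normalize a DNS name (case-insensitive) to lowercase with one trailing dot."""
    return name.strip().lower().rstrip(".") + "."

def build_change_batch(record_name, token, zone, ttl=300):
    """Build a Route 53 change batch that UPSERTs the validation CNAME."""
    name, target, apex = fqdn(record_name), fqdn(token), fqdn(zone)
    if name == apex:
        # DNS does not allow a CNAME next to the SOA/NS records at the zone apex.
        raise ValueError(f"cannot create a CNAME at the zone apex {apex}")
    if not name.endswith("." + apex):
        raise ValueError(f"{name} is not inside hosted zone {apex}")
    return {
        "Comment": "CA domain control validation",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": name,
                "Type": "CNAME",
                "TTL": ttl,  # assumed default; use whatever your provider pre-fills
                "ResourceRecords": [{"Value": target}],
            },
        }],
    }

def cname_matches(answers, record_name, token):
    """True only if the lookup returned exactly the expected CNAME target.

    answers: (owner, type, rdata) tuples taken from a DNS lookup of record_name.
    """
    targets = [fqdn(rdata) for owner, rtype, rdata in answers
               if rtype.upper() == "CNAME" and fqdn(owner) == fqdn(record_name)]
    return targets == [fqdn(token)]

# Constructed sample values, not real CA output.
NAME, ZONE = "www.example.com", "example.com"
TOKEN = "a1b2c3d4.validation.ca.example"
PUBLISHED = [("www.example.com.", "CNAME", "a1b2c3d4.validation.ca.example.")]
STALE = [("www.example.com.", "CNAME", "old-token.validation.ca.example.")]

if __name__ == "__main__":
    print(json.dumps(build_change_batch(NAME, TOKEN, ZONE), indent=2))
    print("ready to validate:", cname_matches(PUBLISHED, NAME, TOKEN))
    print("stale record ok:  ", cname_matches(STALE, NAME, TOKEN))
```

The printed JSON is in the format accepted by `aws route53 change-resource-record-sets --change-batch`. Running the lookup check first avoids a failed validation caused by a missing record or one left over from an earlier request.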
This article has documented how to prove ownership of your domain by using the CNAME validation method with your DNS provider to approve and issue SSL certificates for your domain. Let us know in the comments if you have any questions. Search our site for articles on how to install the certificate in various application servers.