In the definitions below, $FQDN
represents the Fully-Qualified Domain Name (FQDN) requested in the certificate subject, $DOMAIN
represents the Registered Domain Name portion of the FQDN, and ${FQDN-n}
is the FQDN with the first n labels pruned.
Calculate the MD5 and SHA1 hashes of the DER encoding of the CSR that will be sent to Comodo. Let these be $CSRMD5
and $CSRSHA1
respectively.
If requesting a non-wildcard FQDN, create the following record:
$CSRMD5.$FQDN. IN CNAME $CSRSHA1.comodoca.com.
If requesting a wildcard FQDN, create the following record:
$CSRMD5.${FQDN-1}. IN CNAME $CSRSHA1.comodoca.com.
The appliance will send a CSR and GlobalSign will return a challenge string. Let this be $CHALLENGE
. Create the following record:
$DOMAIN. IN TXT "globalsign-domain-verification=$CHALLENGE"
The applicant will send a CSR and GoDaddy will return a 7 character challenge string. Let this be $CHALLENGE
. Create the following record:
dzc.$DOMAIN. IN TXT "$CHALLENGE"
The applicant will send a CSR and Symantec will return a 31 character challenge string. Let this be $CHALLENGE
. Calculate the current time in the format YYYYMMDDHHMMSS and let this be $TIMESTAMP
. Create the following record:
s$CHALLENGE.$DOMAIN. IN CNAME s$TIMESTAMP.$DOMAIN.
The timestamp must be within 24 hours of time Symantec validates the domain authorization.