[Skip navigation links]

Domain approval and Domin Control Validation (DVC)

Domain approval

Before a participant organisation may request/order certificates from the CSM, it must add the associated :

 

  • Registered, fully qualified domain name( FQDN); or
  • Internal domain entries; or
  • public IP addresses.

 

Which are to appear in the certificate to the Certificate Service Management (CSM) system, for approval by AusCERT. For non-internal domains, and public IP addresses, AusCERT must verify that each FQDN, or public IP address, belongs to the organisation before approving the addition in the CSM. This applies for all (SSL, Code signing and S/MIME) Certificate type

 

      This process does not apply to non-FQDNs that are for internal hosting purposes only. For more information about certificate requirements for non-FQDNs, refer to the FAQ.

      Process for submitting a domain registered to your organisation for verification:

      1. The RAO uses the Certificate Service Manager (CSM) to associate one or more domain(s) for their organisation.
      2. AusCERT conducts a validation process that includes a WHOIS check to verify that the domain is registered to the Participant Organisation: AusCERT procedure for primary domain and public IP address approval
      3. If the validation is successful, AusCERT approves the domain addition.
      4. The domain (and its sub-domains), is available for management within the CSM.
      5. Certificates ordered from within the CSM are subject to further domain control validation (DCV) by Comodo.

       

      Domain Control Validation (DCV)

      Changes to CAB Forum standards (section 11.1.1) mean that Comodo will perform domain control validation (DCV) to verify domain ownership by POs. DCV procedures have been simplified by being built into the AusCERT CS Certificate Service Manager. To read more about using DVC within the CSM, see the following guide:

       

        Extended Validation SSL (EVSSL) certificates

        EVSSL certificates have additional ("extended") validation steps, beyond those conducted by AusCERT for domain addition. POs can obtain EV SSL certificates for single and multiple domains, at no extra cost, through the Certificate Service Manager. Contact AusCERT CS to enable this to occur. For further details about how to acquire an EVSSL Certificate through Comodo, see the FAQ.

        Delays in issuing certificates

        The turn-around time for domain approvals is affected by the current AusCERT CS workload, as well as by Comodo DCV requirements. AusCERT will always endeavour to approve domains as quickly as possible, however it can take up to two business days to obtain a certificate. If there are delays, send an email to AusCERT CS.