RRPproxy Homepage

Validation Method: Symantec DNS

To use DNS-based authentication for domain-vetted certificates, set the parameter "AUTHMETHOD" to "DNS" for "AddCertificate", "RenewCertificate" and "ReissueCertificate". If the certificate class is valid for DNS-based authentication, you will get one additional property back.


command    = AddCertificate
csrX       = ...
authmethod = DNS


code                      = 200
description               = Command completed successfully
runtime                   = 7.872
property[certificate][0]  = SA4317966
property[dnsauth name][0] = 20170727094628k5loo039okyyz1jlrde57ku091h1og39uv6enkzo1v265graqw
property[status][0]       = REQUESTED
property[sub][0]          = SA4317966-001
property[sub status][0]   = ORDER_REQUESTED

The DNS record returned in the API response contains the date and a unique random string derived from the CSR, and must be stored in a TXT record:

  • example.com IN TXT 20170727094628k5loo039okyyz1jlrde57ku091h1og39uv6enkzo1v265graqw

The DNS record must always be stored at the main domain, not at sub-domains. For SAN SSL certificates, the TXT record for DNS-based validation must be set at every respective main domain, but not at sub-domains.

Example domains in the CSR:

  • www.example.com
  • something.example.com
  • example.net
  • anotherthing.example.org

These require 3 TXT records at main domain level:

  • example.com IN TXT <string>
  • example.net IN TXT <string>
  • example.org IN TXT <string>

The <string> is identical for these domains; it is generated from the CSR and is returned via the API.
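The mapping from CSR hostnames to main-domain TXT records, plus a pre-validation check for domains where the value is not yet published, as an added example (not RRPproxy code). The helper names, the small suffix set standing in for the Public Suffix List, the lookup hook and the sample zone data are assumptions made for illustration.

```python
# Added example, not RRPproxy code.
# Assumption: MULTI_LABEL_SUFFIXES is a tiny constructed stand-in for the
# Public Suffix List; use the full list in production.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}

# Hostnames and "dnsauth name" value taken from the example on this page.
CSR_HOSTS = ["www.example.com", "something.example.com",
             "example.net", "anotherthing.example.org"]
DNSAUTH = "20170727094628k5loo039okyyz1jlrde57ku091h1og39uv6enkzo1v265graqw"

# Constructed sample of published TXT data: example.org is not set yet.
SAMPLE_ZONE = {"example.com": ["v=spf1 -all", DNSAUTH],
               "example.net": [DNSAUTH]}


def main_domain(hostname):
    """Reduce a CSR hostname (CN or SAN) to its main domain."""
    labels = hostname.lower().rstrip(".").split(".")
    if labels[0] == "*":  # wildcard entry: use the parent name
        labels = labels[1:]
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len:
        raise ValueError(f"no main domain in {hostname!r}")
    return ".".join(labels[-(suffix_len + 1):])


def required_txt_records(hostnames, dnsauth):
    """One TXT record per distinct main domain, all with the same value."""
    domains = sorted({main_domain(h) for h in hostnames})
    return [f"{d} IN TXT {dnsauth}" for d in domains]


def missing_domains(hostnames, dnsauth, lookup_txt):
    """Main domains whose published TXT values lack the validation string.

    lookup_txt: caller-supplied function, domain -> list of TXT strings
    (hypothetical hook; back it with a real resolver).
    """
    domains = sorted({main_domain(h) for h in hostnames})
    return [d for d in domains if dnsauth not in lookup_txt(d)]


if __name__ == "__main__":
    for record in required_txt_records(CSR_HOSTS, DNSAUTH):
        print(record)
    print("missing:", missing_domains(CSR_HOSTS, DNSAUTH,
                                      lambda d: SAMPLE_ZONE.get(d, [])))
```

Run the check against the domains' authoritative name servers so that a stale resolver cache does not hide a missing record.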
