What is the “unique value” used in domain validation (DV)?

What is the “unique value” used in domain validation (DV)?

The “unique value” (or “unique token”) referred to in SSL.com’s domain validation (DV) documentation is used for compliance with Section (Validation of Domain Authorization or Control) of the CA/Browser Forum’s Baseline Requirements. These requirements stipulate that a “Request Token or Random Value” appear in a file stored in a particular directory of the website that is to be protected by an SSL/TLS certificate (normally /.well-known/pki-validation/), or as part of a DNS record for the domain name to be validated, serving to ensure the uniqueness of the request.

When performing domain validation in SSL.com’s online portal, a random value will made available to the user for this purpose, along with a pre-formatted text file and DNS record for use with the HTTP/HTTPS file lookup and DNS CNAME lookup methods. Please refer to SSL.com’s DV requirements documentation for full details of the available DV methods.

If you are using SSL.com’s SWS API to perform domain validation, you may specify a unique value via the optional unique_value parameter in your request. If you do not supply the unique value via the API, a random value will be automatically generated for you. For complete information, please refer to our API documentation.

Which domain validation (DV) methods require a unique value?

The HTTP/HTTPS file lookup and DNS CNAME lookup DV methods both require a unique value that is either generated randomly by SSL.com, or supplied by the user via the SWS API. The Email Challenge Response method also requires a random value for validation, which is supplied by SSL.com in the validation email message.

Do I need to use a new unique value when I reprocess a certificate or order a certificate for a prevalidated domain name?

The unique value is required at the time that domain control is validated. Therefore, if you add a new domain name when reprocessing a multi-domain certificate and wish to use the DNS CNAME lookup or HTTP/HTTPS file lookup validation method, you will need to create a new CNAME or validation file, with a new unique value.

If you have prevalidated a domain name via the CNAME or File Lookup methods, a new DNS record or file with a new unique value is not required when ordering a certificate for it.

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.

Subscribe to SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.