DNS validation

Prev Next

Available in Classic and VPC

To complete the certificate issuance, you need to perform Domain Control Validation (DCV) for all the domains included in your application.

DNS validation prerequisites

To perform DNS validation when validating domain ownership, you need permission to change the CNAME and TXT records in the domain's DNS.

  • Certificate Manager doesn't provide DNS record changes. Check with your domain name registrar, agency, or your own DNS management system to see how to make changes in advance.
  • Domains registered in the Global DNS service of NAVER Cloud Platform can change their records using Global DNS.
Caution

When you change the DNS name server (NS), the cache is automatically updated. It may take several hours to up to 2 days before you can properly view the record registered on the new name server. Note that certificate issuance may be delayed right after you change the name server.

CNAME record registration method

You can use this DNS validation method when issuing Cloud Basic certificates.
When you select DNS validation as the validation method when applying for a certificate, it creates a CNAME record name for each domain and a validation value to be entered in the record value after the application is complete.

To validate DNS:

  1. Go to Certificate list > Cloud certificate > Certificate details to check the DNS validation value for your domains. It appears in the following format:
    Record Name Record Type Record Value
    _65d7d22ee3a541c385bbfa0a2d950641.mydomain1.example.com. CNAME _e8335a33e5974d6995846142d659f583.cm.naverncp.com.
    • Record name: It is a validation value that is entered in the DNS record name.
    • Record type: When set up in the DNS management system, the record type must be CNAME.
    • Record value: It is a validation value that is entered in the DNS record value.
  2. Enter the DNS validation value through your domain's DNS management system. Wildcard (*) domains have a validation value created in the corresponding locations.
    • Domains that successfully complete DNS validation will have their validation status change from In progress to Succeeded.
Note

The certificate is issued after all domains included in the certificate have been successfully validated. Go to Certificate list > Cloud certificate > Certificate details to check the validation status for your domains.

Note

From July 23, 2024, the CNAME record creation method will change. The CNAME Record Name and Record Value will remain fixed for specific domains without changes. Going forward, once you enter a value in the DNS record, the same input value will be used to validate it when issuing a certificate for the specific domain.

  • Condition: The CNAME Record Name and Record Value for a specific domain are unique for each member.
  • Application: This applies to improvements made after July 23, 2024. For domains issued before this date, the CNAME Record Name and Record Value will change once and remain fixed.

DNS TXT record registration method

The following is the Advanced certificate type DNS validation method.
When you select DNS validation as the validation method when applying for a certificate, it creates a TXT record name and record value to be entered in the DNS settings for each domain after the application is complete.

There are largely 2 methods for DNS validation.

Persistent DNS TXT

This is a convenient method where, once set up initially, you can perform continuous validation without changing the records.
The Record Value includes account information that identifies the issuing CA and the user.
If needed, you can map the organization information (Organization) to prevent the domain from being issued with unintended organization information.

  1. Go to Certificate list > Domains or Certificate list > Advanced certificate > Order > Certificate list > Certificate details to check the DNS validation value for your domains. It appears in the following format:
    Record Name Record Type Record Value
    _validation-persist.example.com. TXT
    • Record name: It is a validation value that is entered in the DNS record name.
    • Record type: When setting up the DNS management system, the record type must be TXT.
    • Record value: It is a validation value that is entered in the DNS record value.
  2. Enter the validation value validated through the domain's DNS management system. The validation value for wildcard (*) domains is also created in the same location.
    • Domains that successfully complete DNS validation will have their status change from In progress to Succeeded.
  3. Once validated, your domain is valid for up to 9 days. Certificate Manager revalidates the domain every 9 days, and if the record value remains valid, the validity period is automatically extended by 9 days each time.
  4. When the domain is validated, you can use that information to issue certificates for the domain and even subdomains (including wildcards). If you need to issue certificates for multiple subdomains, it is more efficient to complete the validation at the parent domain level.
Note

The certificate is issued only after all domains included in the certificate have been successfully validated. Go to Certificate list > Domains or Certificate list > Advanced certificate > Order > Certificate list > Certificate details to check the validation status for your domains.

DNS TXT (token method)

  1. Go to Certificate list > Advanced certificate > Order > Certificate list > Certificate details to check the DNS validation value for your domains It appears in the following format:

    Record Name Record Type Record Value
    _dnsvalidation.mydomain1.example.com. TXT
    • Record name: It is a validation value that is entered in the DNS record name.
    • Record type: When setting up the DNS management system, the record type must be TXT.
    • Record value: It is a validation value that is entered in the DNS record value.

  2. Enter the validation value validated through the domain's DNS management system. The validation value for wildcard (*) domains is also created in the same location.

    • Domains that successfully complete DNS validation will have their status change from In progress to Succeeded.

  3. Validated domains have a validity period of up to 199 days. Once the validity period expires, the validation information is no longer available.

  4. When the domain is validated, you can use that information to issue certificates for the domain and even subdomains (including wildcards). If you need to issue certificates for multiple subdomains, it is more efficient to complete the validation at the parent domain level.

Note

The certificate is issued only after all domains included in the certificate have been successfully validated. Go to Certificate list > Domains or Certificate list > Advanced certificate > Order > Certificate list > Certificate details to check the validation status for your domains.

Business Registration Number: 129-86-31394 E-commerce Permit Number:No. 2009-GyeonggiSeongnam-0510
CEO: Kim Yuwon Address: NAVER Green Factory 17th–26th Floors, Buljeong-ro 6, Bundang-gu, Seongnam-si, Gyeonggi-do 13561, Republic of Korea. Customer Support Number: 1544-5876
© NAVER Cloud Corp. All Rights Reserved.