Domain Control Validation for Quick SSL Installations

posted 9 Nov 2015, 14:06 by Andrew at Lycom   [ updated 9 Nov 2015, 16:12 ]
For basic purposes, such as those not involving e-commerce or identity validation, you can often get away with the basic offerings of many SSL resellers, which provide encryption of traffic whilst being cheap.

They can also be installed quickly, thereby reducing the installation cost - but to do that you will need to avoid any of the lengthy organisational validation protocols that may be suggested. I have known SSL installations grind to a halt awaiting various bits of information to be supplied by different departments (or the stressed-out owner in the case of small businesses).  On one memorable occasion the SSL supplier refused to release the SSL certificate (despite the client supplying all their company documents) because the company office wasn't listed on !

For the purposes of example I am using (i.e. Comodo) on IIS7. 

First, generate the CSR on your server:

On IIS7 this involves going to the IIS Services Manager Console and, at the server (top level) context, going to 'Server Certificates' and then following the new certificate generation process:

Then supply the CSR generated as part of the online new certificate application. Always choose SHA-2 as the SSL hash algorithm as SHA-1 is deprecated (and if your SSL provider only offers SHA-1 for new certificates move to someone else!).

The key bit for speed is to choose a 'Domain Control Validated' method of proving you own or have access to the domain.

For example:

I tend to use the HTTP-based DCV method as I am usually already on the server, whereas sometimes you have to wait for someone else to set up and propagate DNS records. So, armed with the certificate hashes, create a text file:

<Upper case value of MD5 hash of CSR>.txt

Content (as a plain text file): 

<Value of SHA1 hash of CSR>

Kick off / check the online validation process and you should find the validation proceeds quickly (typically within the hour for Comodo) and then the SSL certificate is ready for use.
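
The file-creation step above can be scripted so that a mistyped hash or a wrongly encoded file is caught before the CA checks for it. The following PowerShell is an added example, not part of the original post or any Comodo tooling; the function names, parameters and web-root path are hypothetical, and it assumes the CA computes both hashes over the DER (binary) form of the CSR rather than the PEM text.

```powershell
# Added example. Assumption: hashes are taken over the DER bytes of the CSR.
function Get-CsrHashes {
    param([Parameter(Mandatory = $true)][string]$CsrPem)
    # Drop the BEGIN/END lines and all whitespace, then decode base64 to DER bytes.
    $b64 = (($CsrPem -split "`r?`n") | Where-Object { $_ -notmatch '^-----' }) -join ''
    $der = [Convert]::FromBase64String(($b64 -replace '\s', ''))
    $md5  = [System.Security.Cryptography.MD5]::Create()
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    @{
        MD5  = [BitConverter]::ToString($md5.ComputeHash($der)) -replace '-', ''
        SHA1 = [BitConverter]::ToString($sha1.ComputeHash($der)) -replace '-', ''
    }
}

function New-DcvFile {
    param(
        [Parameter(Mandatory = $true)][string]$CsrPem,
        [Parameter(Mandatory = $true)][string]$CaMd5,   # MD5 as shown by the CA
        [Parameter(Mandatory = $true)][string]$CaSha1,  # SHA-1 as shown by the CA
        [Parameter(Mandatory = $true)][string]$WebRoot  # folder served as the site root
    )
    $local = Get-CsrHashes -CsrPem $CsrPem
    # String -ne is case-insensitive, so only a genuinely different CSR is rejected.
    if ($local.MD5 -ne $CaMd5.Trim() -or $local.SHA1 -ne $CaSha1.Trim()) {
        throw 'CA hashes do not match this CSR: wrong CSR submitted or a copy/paste error.'
    }
    $root = (Resolve-Path -LiteralPath $WebRoot).Path
    $path = Join-Path $root ($CaMd5.Trim().ToUpperInvariant() + '.txt')
    # Write raw ASCII: Out-File and '>' in Windows PowerShell emit UTF-16 with a BOM.
    [System.IO.File]::WriteAllText($path, $CaSha1.Trim(), [System.Text.Encoding]::ASCII)
    # Read the bytes back and confirm the file holds exactly 40 hex characters.
    $bytes = [System.IO.File]::ReadAllBytes($path)
    if ([System.Text.Encoding]::ASCII.GetString($bytes) -notmatch '^[0-9A-Fa-f]{40}\z') {
        throw "Unexpected bytes in $path"
    }
    $path
}

# Constructed demo input: placeholder bytes in PEM armour, not a real CSR.
$pem = "-----BEGIN NEW CERTIFICATE REQUEST-----`r`n" +
       [Convert]::ToBase64String([byte[]](1..48)) +
       "`r`n-----END NEW CERTIFICATE REQUEST-----"
$h = Get-CsrHashes -CsrPem $pem   # stands in for the values the CA would display
New-DcvFile -CsrPem $pem -CaMd5 $h.MD5 -CaSha1 $h.SHA1.ToLower() -WebRoot $env:TEMP
```

In real use, read the CSR with `[System.IO.File]::ReadAllText`, pass the two hashes exactly as the CA's order page shows them, and point `-WebRoot` at the physical path of the site being validated.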