tencent cloud

SSL Certificates

Release Notes
Announcements
Notice on price adjustment of DigiCert and its affiliated brands'SSL certificates​
Price Change to DigiCert SSL Certificates
TrustAsia Root Certificate Update
Domain Validation Policy Update
SSL Certificate Service Console
Multi-Year SSL Certificate and Automatic Review
Notice on Stopping the Issuance of 2-Year SSL Certificates by CAs Starting from September 1, 2020
Announcement on Stop Using the Symantec SSL Certificate Name After 30 April 2020
Notice on Certificate Revocation Due to Private Key Compromises
Notice on Application Limits for DV SSL Certificates
Notice on Adjustment of Free SSL Certificates Policy
Let's Encrypt Root Certificate Expired on September 30, 2021
Product Introduction
Overview
Introduction to Tencent Cloud SSL Certificates
Strengths
Advantages of HTTPS
Browser Compatibility Test Report
Multi-Year SSL Certificate and Automatic Review Overview
SSL Certificate Security
Purchase Guide
Pricing
SSL Certificate Purchase Process
SSL Certificate Selection
Paid SSL Certificates Renewal
SSL Certificate Renewal Process
SSL Certificate Refund Process
Getting Started
Certificate Application
Information Submission Process for Paid SSL Certificates
Domain Ownership Validation
Domain Validation Method Selection
Automatic DNS Addition
DNS Validation
File Validation
Automatic DNS Validation
Automatic File Validation
Validation Result Troubleshooting Guide
Operation Guide
Domain Ownership Verification
Uploading Certificates
Secured Seal
CSR Management
Certificate Installation
Installing an SSL Certificate on a Tencent Cloud Service
Installation of International Standard Certificates
Selecting an Installation Type for an SSL Certificate
Certificate Management
Instructions on SSL Certificate Auto-Renewal
Certificate Hosting
Uploading (Hosting) an SSL Certificate
Reminding Reviewers to Review an SSL Certificate Application
Revoking an SSL Certificate
Deleting an SSL Certificate
Reissuing an SSL Certificate
Ignoring SSL Certificate Notifications
Customizing SSL Certificate Expiration Notifications
API Documentation
History
Introduction
API Category
Making API Requests
Certificate APIs
Certificate Renewal (Certificate ID Unchanged) APIs
CSR APIs
Data Types
Error Codes
Use Cases
Automatic Solution for Implementing and Issuing Multi-Year Certificates and Binding Resources
Apple ATS Server Configuration
Quickly Applying for a Free SSL Certificate via DNSPod
Enabling Tencent Cloud DDNS and Installing Free Certificates for Synology NAS
Batch Applying for and Downloading Free Certificates Using Python-based API Calls
Profile Management
Adding Organization Profile
Adding Administrator
Adding Domain
Troubleshooting
Domain Validation Failed
Domain Security Review Failed
Website Inaccessible After an SSL Certificate is Deployed
404 Error After the SSL Certificate is Deployed on IIS
“Your Connection is Not Secure” is Displayed After the SSL Certificate is Installed
Message Indicating Parsing Failure Is Displayed When a Certificate Is Uploaded
Automatic DNS Validation Failed for a Domain Hosted with www.west.cn
Host Name Field Cannot Be Edited in IIS Manager When Type Is Set to https
Message Indicating Intermediate Certificates Missing in Chain Is Displayed When a Free SSL Certificate Is Deployed on IIS
FAQs
SSL Certificate Selection
SSL Certificate Application
SSL Certificate Management
SSL Certificate Installation
SSL Certificate Region
SSL Certificate Review
SSL Certificate Taking Effect
SSL Certificate Billing and Purchase
SSL Certificate Validity Period
Related Agreement
SSL Service Level Agreement
Contact Us
Glossary
DocumentaçãoSSL CertificatesDomain Ownership ValidationAutomatic File Validation

Automatic File Validation

PDF
Modo Foco
Tamanho da Fonte
Última atualização: 2024-03-06 17:24:16

Overview

This document describes how to validate a domain when you apply for a certificate or add a domain in the certificate management console and the domain validation mode is automatic file validation.
Note:
Automatic file validation applies only to multi-year international standard certificates and non-wildcard certificates.

Validation Rules

Domain name validation rules

During automatic file validation, pay attention to the following:
Note:
Due to SSL certificate domain validation policy changes, Tencent Cloud discontinued the file validation mode for wildcard certificates on November 21, 2021. For more information, please see Domain Validation Policy Update.
If the domain that you apply for is a primary domain, www must also be validated. For example, if the domain applied for is tencent.com, www.tencent.com must also be validated.
If the domain that you apply for contains www, the domain name following www must also be validated, regardless of the domain levels. For example, if the domain applied for is www.a.tencent.com, a.tencent.com must also be validated.
If the domain that you apply for does not contain www and is not a primary domain, only the current domain needs to be validated. For example, if the domain applied for is cloud.tencent.com, only cloud.tencent.com needs to be validated.

CA validation rules

During DNS query, you must recursively query the authoritative NS server of each domain on the authoritative root server, and then query the corresponding A, AAAA, or CNAME records from the NS server.
If the DNS service supports DNSSEC, you must verify the signing information of the response data.
If the queried domain is an IP address, verify the content via IP access.
The standard HTTP/HTTPS default port must be adopted for access.
Up to two 301/302 redirections are supported. The redirection destination IP and the validated domain must be in the same primary domain.
In the final validation result, the status code 200 must be returned.
For HTTPS access, certificate errors can be ignored.

Directions

Step 1. View validation information

1. Log in to the SSL Certificate Service console. In the left sidebar, click My Profile to go to the My Profile page.
2. On the My Profile page, click the name of the organization for which domain information is to be validated. Then you can view the information of administrators that have been applied for.
3. Click the name of the administrator whose domain information is to be validated. The Review Information page is displayed.
4. Click the *Domain Information tab, select the domain to be validated, and click View Validation.
5. On the Validate Domain page, follow the instructions on the page to complete validation within a specific period of time.

Step 2. Add file validation

1. Log in to the server and ensure that the A record is added for your domain and the A record points to the server.
Note:
If your domain name is hosted with Tencent Cloud, point the domain name to your server. For more information, please see A Record.
2. Start a web service on the server (or use the web service where the business is running), listen on port 80 or 443, and set the reverse proxy address of the file validation path to the reverse proxy address provided in Step 1: View validation information (as shown in the figure in substep 5 in step 1). Tencent Cloud provides the following web service configuration guidelines for your reference:
NGINX reverse proxy configuration
Apache reverse proxy configuration
Note:
Both HTTP and HTTPS are supported, and either can be accessed.
A configured reverse proxy cannot be deleted or modified. After being deleted or modified, a reverse proxy becomes invalid.
Up to two 301/302 redirections are supported. The redirection destination IP and the validated domain must be in the same primary domain. For a domain name starting with "www", such as www.a.tencent.com, file validation is required for the domain name itself as well as a.tencent.com.
3. After configuring the reverse proxy, wait for the CA to complete the file validation. After the file validation is passed, the domain is approved.
4. On the Validate Domain page, you can click Validate to validate the domain configuration.
Anterior: Automatic DNS ValidationPróximo: Validation Result Troubleshooting Guide

Ajuda e Suporte

Esta página foi útil?

comentários