Authorization domain name
When you request a certificate from Sectigo, you provide one or more fully qualified domain names (FQDNs) that you want to see in your certificate. For each FQDN, the authorization domain name is the domain name that you use to do the domain control validation (DCV).
The authorization domain name can be the same as the FQDN to be validated, or it can be the FQDN with some labels removed from the beginning.
For example, if the FQDN to be included in the certificate is internal.example.com, the authorization domain name could be internal.example.com or example.com.
One consequence of this is that if you request a certificate for the two domains (www.example.com, example.com), an authorization domain name of example.com may be used to do a single validation that will validate both FQDNs, whereas an authorization domain name of www.example.com would not.
An authorization domain name cannot be a registry controlled name and cannot be a public suffix.
That means that co.uk or com cannot be authorization domain names.
For example, pvt.k12.ma.us cannot be an authorization domain name because it is a public suffix.
For email-based DCV, you will tell us explicitly which domain you want to use as the authorization domain.
For DNS-based DCV, we will check all of the possible authorization domain names.
Even if the FQDN contains a wildcard (*) character, the authorization domain name will not.
For example, if the FQDN to be included in the certificate is *.service.example.com, the authorization domain name could be formatted as example.com or service.example.com.
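The rules above can be expressed as a short routine that lists every possible authorization domain name for an FQDN. This is an added example, not Sectigo code: the function names are hypothetical, and the public suffix set is a small constructed subset standing in for the full Public Suffix List.

```python
# Constructed subset of the Public Suffix List (assumption for this example);
# a real check would load the complete, current list.
PUBLIC_SUFFIXES = {"com", "uk", "co.uk", "us", "ma.us", "k12.ma.us", "pvt.k12.ma.us"}


def candidate_authorization_domains(fqdn):
    """Return the possible authorization domain names for fqdn,
    ordered from most specific to least specific."""
    name = fqdn.strip().rstrip(".").lower()
    if name.startswith("*."):
        # The authorization domain name never carries the wildcard label.
        name = name[2:]
    labels = name.split(".")
    candidates = []
    # Remove zero or more labels from the beginning of the FQDN.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        # Public suffixes and registry-controlled names are not allowed.
        if candidate not in PUBLIC_SUFFIXES:
            candidates.append(candidate)
    return candidates


def shared_authorization_domains(fqdns):
    """Return the names for which one validation covers every FQDN given."""
    common = None
    for fqdn in fqdns:
        names = candidate_authorization_domains(fqdn)
        common = names if common is None else [n for n in common if n in names]
    return common or []


if __name__ == "__main__":
    for requested in ("internal.example.com", "*.service.example.com", "pvt.k12.ma.us"):
        print(requested, "->", candidate_authorization_domains(requested))
    print(shared_authorization_domains(["www.example.com", "example.com"]))
```

An empty result means the requested name offers no usable authorization domain name, as with pvt.k12.ma.us, where every candidate is a public suffix.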