Connected with trust

D. Trust
Certifikačná Autorita a.s.


Approved types of domain names and their verification

Allowed types of domain names

  • I.CA issues commercial SSL certificates for all domain types except new gTLDs (.company, .bike, .movie, .club, etc.).
  • An application for a commercial SSL certificate may request only one second-level domain (e.g. ica.cz) and up to 9 other dnsName entries (subdomains, e.g. www.ica.cz, neco1.ica.cz, neco2.ica.cz).
  • I.CA does not accept requests for commercial SSL certificates containing an IP address or a domain name with wildcard characters (a so-called wildcard domain, e.g. *.ica.cz).

Verification of domain ownership

I.CA verifies DNS domain ownership in one of the following ways:

  • I.CA sends an e-mail containing a random string to the domain contact e-mail address listed in WHOIS; the recipient sends the string back to I.CA.
  • I.CA sends an e-mail containing a random string to one of the addresses admin, administrator, webmaster, hostmaster, or postmaster @ domain; the applicant then sends the string back to I.CA.
  • The domain administrator creates a new DNS record (CNAME or TXT type) for the requested FQDN containing a random string specified by I.CA.
  • The domain administrator creates the directory / ww.known-public-publisher / on the server for the requested FQDN and, in that directory, creates the file ica.html whose content is the random string provided by I.CA.

Random strings are valid for 30 days in all cases.

Checking CAA Records

I.CA also checks DNS to verify that, for the domains specified in the request, either there is no CAA record restricting which CAs may issue a certificate for the domain, or I.CA (ica.cz) is listed in that record.

When checking the CAA record, it is necessary to wait until the validity (TTL) of the current CAA record expires or 8 hours, whichever is longer. If the record does not currently exist, I.CA waits 8 hours and then performs a new check.
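
The CAA decision described above, as an added example that is not I.CA's own code: it evaluates constructed CAA record sets for the issuer domain ica.cz. It goes beyond the page by applying the RFC 8659 rules of climbing to parent names and refusing unknown critical properties; the zone data and function names are assumptions made for illustration.

```python
# Added example; zone data is constructed, not real DNS answers.
# name -> list of (flags, tag, value) CAA records
SAMPLE_ZONE = {
    "example.cz": [(0, "issue", "ica.cz")],
    "example.org": [(0, "issue", "ica.cz")],
    "shop.example.org": [(0, "issue", "other-ca.example")],
    "locked.example.net": [(0, "issue", ";")],
    "mail.example.com": [(0, "iodef", "mailto:sec@example.com")],
    "odd.example.info": [(128, "futuretag", "x")],
}
CA_DOMAIN = "ica.cz"          # issuer domain named on the page
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
MIN_WAIT = 8 * 3600           # the page's 8-hour minimum, in seconds


def relevant_rrset(fqdn, zone):
    """Climb from fqdn toward the root; return the closest non-empty CAA set."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        records = zone.get(".".join(labels[i:]))
        if records:
            return records
    return []


def may_issue(fqdn, zone=SAMPLE_ZONE, ca=CA_DOMAIN):
    """Return (allowed, reason) for a non-wildcard name."""
    rrset = relevant_rrset(fqdn, zone)
    if not rrset:
        return True, "no CAA record"
    for flags, tag, _ in rrset:
        # Bit 0x80 is "issuer critical": an unknown critical tag blocks issuance.
        if flags & 0x80 and tag.lower() not in KNOWN_TAGS:
            return False, f"unknown critical property {tag!r}"
    issuers = [v.split(";", 1)[0].strip().lower()
               for _, tag, v in rrset if tag.lower() == "issue"]
    if not issuers:
        return True, "CAA set has no issue property"
    if ca in issuers:
        return True, f"{ca} is listed"
    return False, f"{ca} is not listed"


def recheck_delay(ttl_seconds):
    """Seconds to wait before a new check: TTL or 8 hours, whichever is longer."""
    return max(ttl_seconds, MIN_WAIT)


if __name__ == "__main__":
    for name in ("www.example.cz", "shop.example.org", "locked.example.net"):
        print(name, may_issue(name))
```

The closest record set wins: shop.example.org is refused even though its parent example.org lists ica.cz.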
