What was the reason for dns validation?

user783741

11/25/22, 10:54 AM

I got a certificate from AWS and did dns validation in the process of https communication. But I'm not sure why you are doing that verification. To use the domain, I got a domain from a hosting company and registered it on route53. Isn't this process itself dns validation? I want to know the effect of dns validation, and I want to know what happens when dns validation is not done.

thank you.

1 + 2

certificate

dns-hosting

amazon-web-services

Greg Askew

11/25/22, 12:52 PM

`I want to know what happens when dns validation is not done.` A certificate will not be issued.

Oscar De León

11/30/22, 4:13 PM

Perhaps the phrase is a bit confusing. You're not validating your DNS domain; you're using your DNS server as proof that you own that domain to validate the certificate. This is done so someone else can't create a "valid" certificate for your domain, for example.

Score:3

Server

Esa Jokinen

11/25/22, 12:39 PM

From AWS Option 1: DNS validation:

When you choose DNS validation, ACM provides you with one or more CNAME records that must be added to this database. These records contain a unique key-value pair that serves as proof that you control the domain.

With shared infrastructure, the domains of multiple customers may point to the same IP address(es). Therefore, this alone cannot be held as proof of control for any specific customer. That is probably why these records has to be unique key-value pairs.