WHOIS and SSL/TLS certificate validation

Domain Control Validation (DCV) must be completed before an SSL/TLS certificate can be issued. This proves to the issuing Certificate Authority (CA) that the individual applying for the SSL/TLS certificate has control over the domain they are securing. Sending an email to an address listed in the domain’s WHOIS record is a common way of doing so.

Approver email DCV

The most popular DCV method is the approver email. The approver email is sent to an email address associated with the domain being validated. It simply contains a code to be pasted into a URL. The ease of this DCV method is likely why it is so commonly used.

The approver email can only be sent to one of the five generic domain aliases or an email address listed on the domain registrar’s WHOIS record.

The generic domain aliases are the following:

The domain registration details show who owns the domain and the email addresses associated with the domain owner, among other details. This information is entered at the time the domain is registered and can be updated at any time through the domain registrar. The approver email can be sent to any of these listed email addresses in order to complete DCV.

Checking the domain’s details

To check the domain registration details for a valid email address to send the approver email to, a WHOIS search is required. This is a database query to the domain registrar to find out “who is” the owner of the domain. The query will return information such as the name of the domain registrar, the domain owner, and the contact email addresses.

If your preferred email address is not listed in the domain registration details, or the details are not publicly available, you will need to update them by logging into your domain hosting account. Alternatively, contact your domain registrar so that they can update the details for you, ensuring they are publicly viewable.

There are some domain registrars that require you to perform the WHOIS search directly through their website in order to view the information. This includes hosting companies like GoDaddy, which will provide a URL link to the WHOIS results. This URL can be used to check the registration details on their website.

In addition to checking the registrar, you can also use one of the below top-level domain (TLD) specific databases to perform the WHOIS search:

Most generic .com domains can be searched for their registration details using ICANN’s WHOIS function below:

.it domains:

.fr domains:

.pl domains:

.de domains:

.ch domains:

.eu domains:

.at domains:

.es domains:

Why the domain details are sometimes not available

In some cases, the information is not made publicly available. Thus, the information provided by a WHOIS search will not show an email address to send the approver email to. Some of the reasons why this can occur have been outlined below.

Privacy settings:
All domain registrars have privacy settings that can be enabled and disabled at will. They are used to hide the contact details you have entered into your domain’s registration details for privacy purposes. In some cases, an email address mask will display in place of the contact email address. This is normally a string of alphanumeric characters followed by a privacy domain (for example 123456abcdef@whoisprivate.com). This email address can be used as an option for receiving the automated approver email. However, you would first need to contact your domain registrar to confirm whether emails sent to this address are forwarded to an active email address. Alternatively, you can disable the privacy setting so that the desired contact email address is displayed. Once the DCV has been completed, enable the privacy settings again.

GDPR redacted:
Since the implementation of the General Data Protection Regulation (GDPR) laws across European Union member nations, companies needed to rethink their approach to the handling and retention of customer information. As a result, some domain registrars permanently disabled public access to registered domain details, marking them as “GDPR REDACTED” or “REDACTED FOR PRIVACY”. This means that although you may have contact details listed for the domain, they will not display when conducting a WHOIS search. Thus, the information cannot be used to receive the approver email. In this case, the only option is to use one of the five generic domain aliases. That is, unless the registrar will set the information to public upon request.

Country-specific restrictions:
There are some countries which have their own regulations preventing the domain registration details from being viewed using WHOIS searches.
Known countries are listed below:

.uk domains:
The UK government does not allow domain registration details to be made public. Just like with GDPR redacted domain details, this means that although you may have contact details listed for the domain, they will not be found when conducting a WHOIS search. Hence, they cannot be used as an option for receiving the automated approver email. The only option is to use one of the five generic domain aliases, unless the registrar will set the information to public upon request.

.au domains:
The Australian government has similar restrictions to the UK regarding domain registration details. They cannot be accessed by WHOIS searches and instead require manual searches at whois.auda.org.au/.
As long as the preferred email address can be found here, your order can be manually updated to include this address as an option for receiving the approver email.
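The checks described above can be scripted against a saved WHOIS response. The following is an added example, not code from the original article: it sorts the contact fields into usable, privacy-masked and redacted, and builds the list of addresses an approver email could go to. The field names, the sample record and the function names are assumptions for illustration, and the five aliases are taken from the CA/Browser Forum Baseline Requirements rather than from this page.

```python
import re

# The five generic aliases allowed for email DCV under the CA/Browser Forum
# Baseline Requirements (taken from that standard, not from this page).
GENERIC_ALIASES = ("admin", "administrator", "hostmaster", "postmaster", "webmaster")
# Assumption: only registrant/admin/tech fields count as domain contacts. The
# registrar's own abuse address must never be offered as an approver address.
CONTACT_LINE = re.compile(
    r"^[ \t]*(Registrant|Admin|Tech)[ \t]+Email:[ \t]*(.*)$", re.I | re.M)
EMAIL = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")
# Assumption: the privacy domain used as an example in the text; extend per registrar.
PRIVACY_DOMAINS = {"whoisprivate.com"}

# Constructed WHOIS response for illustration (not a real record).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registrar Abuse Contact Email: abuse@registrar.example
Registrant Email: 123456abcdef@whoisprivate.com
Admin Email: REDACTED FOR PRIVACY
Tech Email: it-team@example.com
"""

def classify_whois_contacts(whois_text):
    """Sort WHOIS contact values into usable, privacy-masked and redacted."""
    result = {"usable": [], "masked": [], "redacted": []}
    for role, value in CONTACT_LINE.findall(whois_text):
        value = value.strip().lower()
        if not EMAIL.match(value):
            # "GDPR REDACTED", "REDACTED FOR PRIVACY", web-form URLs, empty values
            result["redacted"].append(role.lower())
        elif value.rsplit("@", 1)[1] in PRIVACY_DOMAINS:
            # Mask address: confirm with the registrar that it forwards mail
            result["masked"].append(value)
        elif value not in result["usable"]:
            result["usable"].append(value)
    return result

def approver_candidates(domain, whois_text):
    """Addresses an approver email could be sent to: aliases plus WHOIS contacts."""
    contacts = classify_whois_contacts(whois_text)
    aliases = [f"{alias}@{domain.lower()}" for alias in GENERIC_ALIASES]
    return aliases + [e for e in contacts["usable"] if e not in aliases]

if __name__ == "__main__":
    print(classify_whois_contacts(SAMPLE_WHOIS))
    print(approver_candidates("example.com", SAMPLE_WHOIS))
```

Masked addresses are reported separately rather than added to the candidate list, because they are only usable once the registrar confirms that mail sent to them is forwarded.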

While the approver email is the most commonly used DCV method, other methods are available which you can read about at the below link:
