Knowledge Base
How Do You Understand, Add, Manage, Delegate, and Validate Domains in Sectigo Certificate Manager (SCM)?
Overview:
Domains are a core component of Sectigo Certificate Manager (SCM). Before requesting publicly trusted SSL/TLS, client, or codesigning certificates, domains must be added to SCM, delegated to the correct organizational units, and successfully validated. This article explains how domains function in SCM and provides step-by-step guidance for adding, managing, delegating, and validating them.
1. Understanding Domains in SCM
In SCM, a domain represents the DNS namespace that an organization controls. Before publicly trusted certificates can be issued, domains must be:
-
Added to SCM
-
Delegated to an organization or department
-
Validated through Domain Control Validation (DCV)
Each domain displays a validation status, such as:
-
Validated — Control successfully verified
-
Action Required — Additional steps needed
-
Expired — Previous validation has lapsed
SCM also supports Certificate Transparency (CT) Log Monitoring, which detects newly issued public certificates or pre- certificates for the domain and places them in a monitoring bucket to help identify unauthorized issuance.
Domains are managed from the Domains page, which provides controls for administration, validation, delegation, and CT monitoring.
2. Adding a Domain
Adding a domain is the first step before validation or certificate issuance.
Steps to Add a Domain
-
Open the Domains section.
-
Click Add.
-
Enter the domain name (for example: example.com).
-
Save the domain.
-
Proceed to domain validation when ready.
Adding a domain only registers it within SCM — it does not automatically validate it.
3. Managing Domains
Domain management allows administrators to modify domain information, adjust CT settings, configure delegations, and remove domains when necessary.
3.1 Editing Domain Details
Administrators can update:
-
Active / Inactive status
-
Domain description
-
CT Log Monitoring settings, including:
-
Monitoring for publicly issued certificates
-
Including or excluding subdomains
-
Assigning a certificate bucket
-
Delegations, including adding, editing, or deleting assigned organizations/departments
3.2 Approving Domain Creation or Delegation
If a domain requires approval:
-
Open Domains.
-
Select the domain with pending delegations.
-
Choose Approve Delegations.
-
Select the appropriate organization or department.
-
Approve to finalize the assignment.
3.3 Deleting a Domain
To delete a domain:
-
Select the domain from the Domains page.
-
Click Delete.
-
(Optional) Choose Delete all subdomains.
-
Confirm deletion.
Note: Deleting a domain does not clear any existing DCV status.
4. Delegating Domains
Delegation defines which organization or department may request certificates for a domain or its subdomains. This enables structured control of certificate issuance across an enterprise.
When creating or modifying delegations, administrators may configure:
Delegation Privileges
|
Privilege Option |
Description |
|
Delegated domain only |
Requests allowed only for the exact domain |
|
FQDN subdomain |
Requests allowed for fully qualified subdomains |
|
First level wildcard subdomain |
Allows one level wildcard certificates (e.g., *.example.com) |
|
Second level+ wildcard subdomain |
Allows multilevel wildcard certificates |
Delegation Fields
-
Organization / Department assigned
-
Certificate types allowed
-
Optional delegation description
Delegations can be removed by selecting them and using the Delete option.
5. Validating Domains (DCV)
Domain Control Validation (DCV) verifies ownership or control of the domain. Publicly trusted certificates cannot be issued without successful validation.
Available Validation Actions
-
Validate — Begin DCV for a new domain
-
Revalidate — Required when validation expires or details change
-
Continue Validation — Resume incomplete validation
-
View Progress — See current DCV status and trigger CA checks
-
Refresh Validation Status — Sync DCV status with the Certificate Authority
-
Clear DCV — Reset validation status
-
Cancel DCV Request — Stop an active DCV process
Validation Status Outcomes
-
Validated — Certificate issuance is permitted
-
Action Required — User must complete additional DCV steps
-
Expired — Validation must be repeated
6. Certificate Transparency (CT) Log Monitoring
CT Log Monitoring allows administrators to automatically monitor for any publicly issued certificates or precertificates associated with the domain.
CT Monitoring Options
-
Enable/Disable CT Log monitoring
-
Monitor subdomains
-
Assign certificates to a specific CT bucket
This feature improves security by detecting unauthorized or unexpected certificate issuance.
7. Domain Page Controls Overview
|
Control |
Description |
|
Add |
Add a new domain |
|
Delete |
Remove an existing domain |
|
Edit |
Change domain information, CT settings, and delegations |
|
View Audit |
View or download domain audit logs |
|
Enable/Disable CT Log |
Manage CT monitoring |
|
Approve Delegation |
Approve domain assignment to an organization/department |
|
Validate / Revalidate |
Initiate or repeat DCV |
|
View Progress |
Monitor validation steps |
|
Refresh Validation Status |
Sync DCV status with CA backend |
|
Clear DCV |
Remove existing validation state |
|
Cancel DCV Request |
Cancel inprogress validation |
Related Articles:
Tags:
Need help?
Need help making a purchase? Contact us today to get your certificate issued right away.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
