Server certificate validation has changed. New validation methods are described below. User has to choose the preferred method by himself using “Request domains” page or in the single certificate order form. In each method an email will be send which has instructions of actions needed before new domain is available for self-service certificate enrollment. After the actual validation there may be one hour delay before the domain is visible in Telia certificate portal.

DNS method
Certificate applicant or DNS operator named by him/her will receive a small string with instructions via email. Customer or DNS operator must add the string to the TXT record of DNS service under the domain using normal DNS maintenance processes. Telia Certificate service will regularly poll it. When the string is available in the DNS, the domain name will be authorized for use in Telia certificate portal. Please note:

  • It may take several hours before DNS gets updated
  • Do not place the string at your webserver
  • Choose this method if your device is not accessible from public Internet

File method
Certificate applicant or server operator named by him/her will receive a small random file with instructions via email. Customer must add the file with a .txt file extension or no extension at all to a specific path in a web server which is set to serve the requested domain name. Telia Certificate service will regularly poll the website. When the file is available, the domain name will be authorized for use in Telia certificate portal.

Please note that your server must be running and accessible from public Internet when using file method

Below are examples of Telia-provided validation file telia_validation_data_file_20180308:

Validation AddressAn example of path in file system\well-known\pki-validation\telia_validation_data_file_20180308
It is not possible to include a dot (.) in a path in Windows. When using IIS, you must add a virtual directory by clicking right mousebutton on the name of your server and by choosing Add virtual directory. Set as an alias .well-known and add to Physical path box a path called C:\well-known\pki-validation

Email method
Certificate applicant sends email via Telia Certificate service to the email addresses available at WHOIS service and/or standard email addresses 'admin@', 'administrator@', 'webmaster@', 'hostmaster@', or 'postmaster@' followed by the domain name in question. Any of the receivers will have to click on the link in the message and authorize the domain to the Applicant. After successful validation the domain name is available to applicant at Telia certificate portal. Please check before using this method the availability of email boxes iand access to them for mentioned addresses.

Phone method
In this validation method Telia is allowed to use only contact phone numbers that are shown at the domain register. Customer has to check that WHOIS service (e.g. includes correct contact phone number related to the domain and the person answering to this number has the authority to say "yes" when Telia calls to the number and asks if Applicant is authorized to use the domain in server certificates. Note! Domain registrars have removed all telephone numbers from .com,.org and .net domains because of GDPR. Thus this method is not available with those domains.

Suitability of the methods
Some methods are better suited for validation of single DNS names like and some are better suited for validation of entire network domain like

After validation of the entire domain it is possible to order certificates from Telia for all DNS names of the domain in question for a period of two without a need for further validations. Validation of entire domain is recommended, but it is not always possible due to missing WHOIS information or privacy policies of certain domain registries. In these cases file and DNS methods, which are independent of domain registry data, are the recommended methods.

The table below lists recommendations for the validation method use:

Validation MethodA single DNS nameEntire domain
FileRecommendedNot recommended
EmailNot recommendedRecommended
TelephoneNot recommendedRecommended