When someone requests a public TLS certificate from a certificate authority (CA), the CA must first prove that the customer controls the domain for the certificate they’re requesting.
How do we do that? With domain control validation (DCV), a vital part of the function CAs perform. DCV is central to internet trust because it helps protect users from impersonation and other threats by ensuring that only those with rightful control over a domain can secure a certificate for it.
The CA/B Forum has approved several DCV methods in the Server Certificate Baseline Requirements. But establishing and following a compliant process—particularly at scale—is no small feat. It requires precision, compliance with industry standards, and a deep commitment to transparency and trust.
At DigiCert, we believe that performing quality DCV is in the interest of the entire internet ecosystem. That’s why we’ve released our automated DCV system as an open-source project.
The DigiCert DCV library is a Java-based, containerized solution designed with the future of internet trust in mind. It’s built to support innovations like Multi-Perspective Validation, a method for enhancing security by verifying domain control from multiple vantage points around the globe. By open-sourcing this library under the MIT license, we’re empowering the community to use, adapt, and build upon our work.
Anyone can fork the code—even for commercial purposes—as long as they retain the required copyright and legal statements. But the true value of this project lies in collaboration. DCV processes can be opaque and challenging to evaluate externally, making it hard to ensure consistent quality across the industry. By opening our implementation to the world, we aim to bring transparency to this crucial corner of internet security.
This open-source DCV library is more than just a tool—it’s a culmination of DigiCert’s extensive experience as a global leader in PKI and certificate issuance. The code reflects the lessons we’ve learned from operating as a public CA at scale.
Our next step? Deploying this open-sourced version in production after the community has had the chance to evaluate and contribute to it.
The best possible outcome for this open-source project is a stronger, more secure internet for all. We invite CAs, developers, and other stakeholders to collaborate with us to refine and enhance the DCV process. Together, we can make domain validation more transparent, efficient, and effective for the entire ecosystem.
If you’re interested in exploring or contributing to the project, you can access the DigiCert DCV library and documentation through the following links:
Why doesn’t this release include ACME validation?
We initially assumed the Let’s Encrypt ACME libraries would be sufficient. But because the community has expressed interest in seeing our ACME implementation, that code may be added at a later date. DigiCert fully supports ACME, and all DigiCert customers have access to it by default.
Under what open-source license is the code released?
We’ve released the code under the MIT license, a famously permissive license. Anyone is free to use, modify, distribute, or even sell the code without attribution, as long as the copyright notice and legal statements are included.
How can I participate in this open-source project?
Anyone can access DigiCert’s DCV library and contribute to the code through GitHub.