We want to replace an expired certificate for a subdomain hosted in its own server, for example:
department.area.city.gov
We just have control over that server and subdomain. Because of security reasons (changed recently), there are no *@city.gov email accounts (usual way for verification, e.g.,webmaster@city.gov) and there is no way we can persuade them to add files or modify DNS settings in order to verify (COMODO alternatives).
How can this problem be solved? Anyone had experience with such cases?
Best Answer
Get another provider of certificates, one who will accept some other form of documentation proving that you have the authority to get a certificate for your domain.
The standard practice would be for an organization to have a few persons authorized to approve a certificate. Anybody can apply for a certificate, but it will not be issued until those designated persons have approved it. They need not have email addresses within the domain for which the certificate is issued; they just need to be able to prove that the company that owns the domain has authorized them to approve certificates.