I got a certificate from AWS and did dns validation in the process of https communication. But I'm not sure why you are doing that verification. To use the domain, I got a domain from a hosting company and registered it on route53. Isn't this process itself dns validation? I want to know the effect of dns validation, and I want to know what happens when dns validation is not done.
thank you.
A certificate encodes an identity, like a name of a website.
A certificate authority issuing such a certificate vouches that the entity to which the certificate is given (more precisely: the entity owning the private key associated with this specific certificate) is indeed having that identity, that is owning this website.
The validation is to prove the entity is owning that website by, typically, either putting some specific content at specific location on the website or altering some DNS records in the zone. Both operations showing that the entity controls the name at the DNS level (or HTTP level) and hence the certificate can be delivered.
If you want to dig deeper, based on your question, you need to thorougly understand that each of the following job is separate from all others, except that a given entity can do more than one or even all of them:
In short a certificate authority (such as ACM) will try to resolve the dns record for your domain via the public DNS. After that it compares the value it retrieved from the DNS with the value it stored internally, i.e., the value send to you. If they match, your domain is validated.
In layman's terms it tells you a secret and then asks you to display that secret in say a window of your house. After that it drives by your window to check it the displayed secret is correct. If it is, it means you own the house (or at least have access to it).
Best, Stefan
