
Changes to Validation Process for Symantec SSL certificates

Symantec will soon make changes to the validation process for their family of certificates (Symantec, GeoTrust, Thawte, RapidSSL). Unfortunately, they have given us very short notice to make changes to our API methods.

The updated authentication processes will go live in the production environment on March 15th, 2017.

DNS based validation:
The DNS entry for DNS validation is a TXT record instead of a CNAME entry.
API method retrieveOrderSslCertRequest: The DNS record (additionalData -> dnsEntry) returned in the response now has a length of 64 characters, rather than 32.
The DNS record must always be stored at the common name.
HTTP(S) validation:
API method retrieveOrderSslCertRequest: The file content (additionalData -> fileContent) returned in the response now has a length of 64 characters, rather than 32.
The file must always be stored at the common name.
The file must be placed at the new path: domain.com/.well-known/pki-validation/fileauth.txt
Warning:
Starting from March 15th, 2017, Symantec will only support the updated domain validation processes. The changes are mandatory and failure to implement them risks breaking existing API implementations.
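
A pre-flight check for the changes listed above, as an added example that is not part of the original article or of the provider's API client. The field names dnsEntry and fileContent and the file path come from the article; the dict shape, the function names and the sample values are assumptions, and the observed TXT answers or file body are passed in by the caller so the check runs offline.

```python
# Added example: validate the value returned by retrieveOrderSslCertRequest
# against the updated rules and compare it with what is actually published.
NEW_LEN, OLD_LEN = 64, 32
FILE_PATH = "/.well-known/pki-validation/fileauth.txt"  # path from the article


def plan_validation(common_name, additional_data, method):
    """Return what to publish and where; raise if the value looks pre-change.

    additional_data: the additionalData part of the response, as a dict (assumed shape).
    method: "dns" or "http" (hypothetical selector names).
    """
    field = {"dns": "dnsEntry", "http": "fileContent"}[method]
    value = additional_data.get(field, "")
    if len(value) == OLD_LEN:
        raise ValueError(f"{field} has 32 characters: old-process value, retrieve the order again")
    if len(value) != NEW_LEN:
        raise ValueError(f"{field} has unexpected length {len(value)}")
    host = common_name.rstrip(".").lower()
    if method == "dns":
        # TXT record (no longer a CNAME), stored at the common name itself.
        return {"type": "TXT", "name": host, "value": value}
    urls = [f"{scheme}://{host}{FILE_PATH}" for scheme in ("http", "https")]
    return {"type": "FILE", "urls": urls, "value": value}


def check_published(plan, observed):
    """Return a list of problems; an empty list means the publication matches.

    observed: for TXT, the list of TXT strings answered at plan["name"];
              for FILE, the body fetched from one of plan["urls"].
    """
    if plan["type"] == "TXT":
        answers = [txt.strip('"') for txt in observed]  # dig-style output quotes TXT data
        if plan["value"] not in answers:
            return ["no TXT record at the common name carries the validation value"]
        return []
    if observed == plan["value"]:
        return []
    if observed.strip() == plan["value"]:
        return ["file body has extra whitespace around the validation value"]
    return ["file body does not match fileContent"]


if __name__ == "__main__":
    token = "ab12" * 16  # constructed 64-character sample value
    plan = plan_validation("example.com", {"dnsEntry": token}, "dns")
    print(plan, check_published(plan, ['"' + token + '"']))
```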

What will happen to my pending orders?
All orders that have not been issued a certificate before March 15th, 2017, will need to comply with the updated domain validation processes, even if the order was placed before March 15th.

Email validation: Because the approval links are being updated, Symantec will resend the approval email and proceed with domain approval/rejection as normal.
DNS/HTTP(S) validation: This validation method will be switched to Email validation and the certificate requestor will need to follow a link sent to the confirmation email address.
