Changes in Domain Control Validation Procedure

On the 15th of November, the Domain Control Validation (DCV) procedure will be adjusted to meet new requirements from the CA.

 

What is Domain Control Validation?

Domain Control Validation (DCV) is the process by which a Certificate Authority (CA) gains evidence that a particular domain is managed by the applicant for a certificate.

One of the available DCV methods is file-based validation (also called HTTP/HTTPS validation or file authentication), which requires the domain owner to upload to the domain a file containing a unique identifier given to the certificate applicant by the CA.

The CA can then locate and interrogate this file as proof that the requestor has control of this domain. 

 

What will change exactly?

The new policy will be implemented on the 15th of November and will affect SSL certificates and orders in the following ways:

 

1. It will no longer be possible to validate Wildcard certificates using file-based validation (all types of Wildcards are affected).

 

2. When using file validation for multi-domain certificates, domain validation will be required for every FQDN/SAN (domain) individually.

Example: 

Prior to the 15th of November - if you ordered a certificate for: 

openprovider.nl

www.openprovider.nl

test.openprovider.nl

You would only need to place a file on openprovider.nl/some-folder

After the 15th of November - if you order a certificate for the above domains, you will need to place the file on:

www.openprovider.nl/some-folder

test.openprovider.nl/.well-known/some-folder

openprovider.nl/.well-known/some-folder

 

3. When using file validation for single-domain certificates, domain validation will be required for every FQDN/SAN (domain) individually.

Example:

Prior to the 15th of November - if you ordered a certificate for test.openprovider.nl, the file could be placed on either test.openprovider.nl or openprovider.nl.

After the 15th of November - if you want to protect test.openprovider.nl, the file must be placed on test.openprovider.nl.

 

4. For DV certificates you will also get a free additional name, the www name, e.g.:

If you order a certificate for openprovider.nl, you get www.openprovider.nl for free, and vice versa.

If you order for test.openprovider.nl, you get www.test.openprovider.nl for free, and vice versa.

That also means files must be placed for both domains: with and without www.

 

Please note: there will be some changes from the CA regarding free www domains. More information will be provided once we receive it from the CA.

 

What is the impact?

  1. The change will not affect certificates issued prior to the 15th of November.
  2. It will affect all new orders, renewals and reissues after November 15, when using file validation as a DCV method.
  3. Other domain control validation methods are not impacted by this change, so it does not apply to email- and DNS-based validation, which are still available for wildcard certificates.
  4. If you now use file validation for wildcard certificates, you will have to switch to email validation or CNAME validation.
  5. If you use file validation for single and multi-domain certificates and want to continue using it, you will need to prepare a separate file for each subdomain (SAN), or switch to another DCV method.
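
The per-name rules above can be checked before an order is submitted. The following Python code is an added example, not Openprovider's or the CA's own: it lists every host name that needs its own validation file, sets wildcards aside for email or DNS validation, and reports hosts where the file is not yet served. The path reuses the page's some-folder placeholder; the token, the fetch callback and the sample server state are constructed assumptions.

```python
# Added example: plan file-based DCV for an order under the per-FQDN rules above.
# The real path and file name are issued by the CA; this reuses the page's placeholder.
VALIDATION_PATH = "/.well-known/some-folder"  # placeholder, not a real CA path


def www_counterpart(fqdn):
    """Return the free extra name on a DV certificate: with or without 'www.'."""
    return fqdn[4:] if fqdn.startswith("www.") else "www." + fqdn


def plan_file_dcv(names, dv=True):
    """Split an order's names into hosts needing their own file and wildcards.

    Wildcards cannot use file validation, so they are returned separately
    and must be validated by email or DNS (CNAME) instead.
    """
    file_hosts, wildcards = set(), []
    for raw in names:
        name = raw.strip().lower().rstrip(".")
        if name.startswith("*."):
            wildcards.append(name)
            continue
        file_hosts.add(name)
        if dv:  # free www name: the file is required on both variants
            file_hosts.add(www_counterpart(name))
    return sorted(file_hosts), wildcards


def missing_files(hosts, token, fetch):
    """Return hosts whose validation URL does not serve the expected token.

    fetch(host, path) is supplied by the caller and returns the body or None.
    A file on the parent domain does not cover its subdomains.
    """
    return [h for h in hosts if token not in (fetch(h, VALIDATION_PATH) or "")]


if __name__ == "__main__":
    # Constructed order and constructed web-server state, for illustration only.
    order = ["openprovider.nl", "test.openprovider.nl", "*.openprovider.nl"]
    hosts, wildcards = plan_file_dcv(order)
    served = {"openprovider.nl": "token-123", "www.openprovider.nl": "token-123"}
    print("file needed on:", hosts)
    print("use email/DNS for:", wildcards)
    print("still missing:", missing_files(hosts, "token-123", lambda h, p: served.get(h)))
```

In practice the fetch callback would be an HTTP GET against each host, run from outside your own network so that it sees what the CA will see.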