On 15th of November the DCV (Domain Control Validation) procedure will be adjusted to meet new requirements from CA.
What is Domain Control Validation?
Domain Control Validation (DCV) is the process by which a CA gains evidence that a particular domain is managed by the applicant for a certificate.
One of these options is file-based validation (also called; HTTP/HTTPS, file authentication), which requires the domain owner to upload to the domain a file containing a unique identifier given to the certificate applicant by the Certificate Authority (CA).
The CA can then locate and interrogate this file as proof that the requestor has control of this domain.
What will change exactly?
The new policy will be implemented on 15th of November and will affect SSLs and orders in following ways:
1. It will be no longer possible to validate Wildcard certificates using file-based validation (all types of Wildcards are affected)
2. When using file validation for multi-domain certificates, domain validation will be required for every FQDN/SAN (domain) individually.
Prior to the 15th of November - if you ordered a certificate for:
You would only need to place a file on openprovider.nl/some-folder
After 15th of November - if you order a certificate for above domains you will need to place the file on:
3. When using file validation for single domain certificates, domain validation will be required for every FQDN/SAN (domain) individually.
Prior to the 15th of November - if you ordered a certificate for test.openprovider.nl, file could be placed either on test.openprovider.nl or openprovider.nl
After 15th of November - if you want to protect test.openprovider.nl, the file must be placed for test.openprovider.nl
4. For DV certificates (single domain) you will be also getting the "www" as additional name for free,
e.g. If you order certificate for openprovider.nl you get www.openprovider.nl for free, and vice-versa
If you order for test.openprovider.nl you get www.test.openprovider.nl for free and vice-versa.
That also means files must be placed for both domains: with and without www.
Please note: there will be some changes from CA in regards to free www domains.
More information will be provided once we receive them from CA but please expect them to be removed.
What is the impact?
- The change will not affect certificates issues prior to 15th of November.
- It will affect all new orders, renewals and reissues after November 15, when using file validation as a DCV method.
- Other domain control validation methods are not impacted by this change, so this change does not apply to Email- and DNS-based validation, which still are available for wildcard certificates.
- If you now use file validation for wildcard certificates, you will have to switch to email validation or CNAME validation.
- Wildcard certificates which were previously issued with file validation can not be directly renewed via the ssl panel (using the previous details). Please start a new order and select one of the supported validation methods.
- If you use file validation for single and multi-domain certificates and want to continue using it, you will need to prepare a separate file for each subdomain (SAN), or switch to another DCV method.
Openprovider strongly suggests choosing other methods of domain validation than HTTP / HTTPS validation:-
- E-mail validation
- DNS / CNAME validation
Both will make validation process quicker to complete.