DigiCert: Notice on SSL Certificate Domain Name Verification (DCV) Policy Changes

888u

Last updated: 2024-02-21, edited by 888u

DigiCert recently responded as follows to the two major changes to SSL certificate domain name verification that the CA/B Forum released three months ago:

  • Starting September 27, 2021, domain name verification for DigiCert SSL certificates must be repeated every 397 days;
  • Starting November 15, 2021, DigiCert wildcard SSL certificates no longer support file verification of domain names. When file verification is used for a non-wildcard certificate, each SAN or FQDN requires independent domain name verification.

Note: Currently, when file verification is used to complete DCV and the certificate contains both a top-level domain name and its subdomain names, verifying only the top-level domain name is enough to pass DCV for all of them.

From November 15, if you use file verification to complete DCV when applying for a non-wildcard SSL certificate, the top-level domain name and each subdomain name must be verified separately.

DigiCert also pointed out that this policy change applies to new applications, renewals and reissues, and to all domain names that have already passed DCV. SSL certificates that have already been issued are not affected.

Impact of changes in SSL certificate domain name verification policy

  • Starting September 27, 2021, the DigiCert certificate system shortens the validity period of a domain name verification from 825 days to 397 days.
    • After the new rule takes effect, the status of domain names that have already passed DCV will change accordingly. A domain's verification status may change from "verified" to "pending verification", so that an SSL certificate for that domain cannot be issued immediately. Domain name verification must be completed again before a certificate for the domain can be newly issued or reissued.
    • SSL certificates that have already been issued are not affected in any way!
  • Starting November 15, 2021, DigiCert wildcard certificates no longer support file verification for DCV. When this method is used for domain name verification on a non-wildcard certificate, each SAN or FQDN requires independent domain name verification.
    (Figure: the file verification rules before and after the change.)

Solution

    1. Do domain name verification regularly

    A completed DCV for a domain name is only valid for 397 days. Whether you are applying for a new SSL certificate, renewing one or reissuing one, you need to complete domain name verification again every 397 days; otherwise it will affect your ability to obtain a new certificate.

    2. Change the wildcard domain name verification method to email verification or DNS verification

    Since wildcard SSL certificates will no longer support file verification, it is recommended that you use email verification or DNS verification for them.

    3. Verify each SAN/FQDN

    When a non-wildcard SSL certificate uses file verification to complete DCV, each SAN/FQDN needs to be verified: all top-level domain names and subdomain names, including every SAN with a "www" prefix.
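The three steps above can be checked against a certificate's SAN list before ordering. The following is an added example, not DigiCert code and not part of the original notice; the function names, the record format `{fqdn: (date, method)}`, the action labels and the sample domains are constructed for illustration, and it assumes that a DNS or email validation of a domain also covers its subdomains.

```python
from datetime import date

DCV_REUSE_DAYS = 397  # reuse period for a completed DCV, as stated above


def covers(rec_name, rec_method, san):
    """True if a completed validation of rec_name applies to this SAN."""
    wildcard = san.startswith("*.")
    target = san[2:] if wildcard else san
    if rec_method == "file":
        # File validation: exact FQDN only, never a wildcard.
        return not wildcard and rec_name == target
    # Assumption: a DNS/email validation also covers subdomains.
    return target == rec_name or target.endswith("." + rec_name)


def plan_dcv(sans, validated, today, planned_method="file"):
    """Map each SAN to ok / validate / revalidate / switch-method."""
    plan = {}
    for san in (s.lower() for s in sans):
        ages = [(today - when).days
                for name, (when, method) in validated.items()
                if covers(name, method, san)]
        if any(age <= DCV_REUSE_DAYS for age in ages):
            plan[san] = "ok"
        elif san.startswith("*.") and planned_method == "file":
            plan[san] = "switch-method"  # wildcard needs DNS or email
        elif ages:
            plan[san] = "revalidate"     # covered once, now past 397 days
        else:
            plan[san] = "validate"
    return plan


# Constructed sample data (not from DigiCert).
VALIDATED = {
    "example.com": (date(2021, 6, 1), "file"),
    "shop.example.com": (date(2020, 9, 1), "file"),
    "example.org": (date(2021, 10, 1), "dns"),
}
SANS = ["example.com", "www.example.com", "shop.example.com",
        "*.example.com", "*.example.org", "api.example.org"]

if __name__ == "__main__":
    for san, action in plan_dcv(SANS, VALIDATED, date(2021, 12, 1)).items():
        print(f"{san:20} {action}")
```
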
