Last update at :2024-01-21,Edit by888u
Recently, Digicert made the following response to the two major changes in SSL certificate domain name verification released by CA/B Forum three months ago:
- Starting from September 27, 2021, the Digicert SSL certificate needs to be re-verified every 397 days;
- From November 15, 2021, Digicert wildcard SSL certificates do not support file verification domain names. If you use file verification domain names for non-wildcard certificates, each SAN or FQDN requires independent domain name verification.
Note: When currently using file verification to complete DCV, if the certificate contains both top-level domain names and sub-domain names, you only need to complete the top-level domain name to pass all DCV verifications.
From November 15th, if you use file verification to complete the DCV when applying for a non-wildcard SSL certificate, the top-level domain name and subdomain name need to be verified separately.
At the same time, Digicert pointed out that this SSL certificate policy change applies to new applications, renewals, re-signings and all domain names that have passed DCV. Issued SSL certificates are not affected.
Impact of changes in SSL certificate domain name verification policy
1. Starting from September 27, 2021, the Digicert certificate system will shorten the domain name verification validity period from 825 days to 397 days.
- After the new regulations take effect, the validity status of domain names that have been verified by DCV will change accordingly. Its verification status may change from "verified" to "pending verification", resulting in the inability to immediately issue an SSL certificate related to the domain name. Domain name verification must be completed again before the SSL certificate related to the domain name can be newly signed or re-signed.
- The SSL certificate that has been issued will not be affected in any way!
2. Starting from November 15, 2021, Digicert wildcard certificates will no longer support the use of file verification to complete DCV. When using this method for domain name verification in non-wildcard certificates, each SAN or FQDN needs to be verified. Independent domain verification.
(Example pictures before and after changing the file verification rules)Solution
1. Do domain name verification regularly
The domain name that has completed DCV verification is only valid for 397 days, which means that whether you are applying for a new, renewing or re-signing an SSL certificate, you need to complete the domain name verification again every 397 days, otherwise it will affect your ability to obtain a new certificate. .
2. Change the wildcard domain name verification method to email verification or DNS verification
Since SSL wildcard domain name verification will no longer support file verification, it is recommended that you use email verification or DNS verification.
3. Verify each SAN/FQDN
When a non-wildcard SSL certificate uses file verification to complete DCV verification, each SAN/FQDN needs to be verified, that is, all top-level domain names and subdomain names, including all SANs with "www".
The above is Digicert’s explanation on the change of SSL certificate domain name verification. For more details, please follow Ruicheng Information to learn about the latest industry news outside mainland China!
Recommended site search: US host, IP proxy server, host space, Hong Kong host hosting, foreign trade space, Hong Kong high-defense server rental US free virtual host, overseas virtual host, virtual host evaluation, server rental US high-defense,
p>
发表评论