Domain Verification Changes
Jul 19, 2020
Domain Verification Changes
CA/B Forum Domain Verification Changes taking effect on February 27, 2017
The CA/B Forum has announced updates to the Ballot 169 - Revised Validation Requirements, by which we are obligated to comply with. As such, GlobalSign will be making the changes listed below on February 27, 2017.
- The CA/B Forum has specified a standard location to be used by all CAs when performing domain verification using the HTTP Verification Method. GlobalSign has historically referred to this as the Meta Tag or URL verification method because we allowed users to insert a meta-tag in the head of the main index page. The CA/B Forum has specified that this validation method must use the /.well-known/pki-validation directory. In support of this requirement GlobalSign will require that the provided Domain Validation Code (DVC) be placed in the file gsdv.txt and that this file be located on their web server here: example.com/.well-known/pki-validation/gsdv.txt.
We recommend to all customers to start using the new location as soon as possible to avoid any unexpected interruption of service when the other locations are disabled on February 27th, 2017. This change is especially important for GlobalSign API customers that programmatically receive the DVC and place it on their website. For more information please visit our HTTP Domain Verification support articles.
- Furthermore, as specified by the CA/B Forum, the Domain Validation Code has a 30 day limit to be used in performing domain verification for DomainSSL and AlphaSSL Certificates. For orders that use Email Verification, customers may “Update Approver Email” and resend the email which results in a new link and another 30 days to approve the order. For HTTP and DNS verification methods, the order must be cancelled and reordered after 30 days.
- Lastly, we’re making some minor changes when users order a certificate with Common Name (CN) that begins with www (e.g. www.example.com). In the past we included example.com in the certificate regardless of where and how the order was approved. Starting on February 27th, 2017, users that want to secure example.com must perform validation on example.com.
Order Certificate for |
Validate on |
Today Certificate secures |
Starting February 27th certificate will secure |
example.com |
example.com |
example.com |
example.com |
www.example.com |
example.com |
www.example.com
example.com |
www.example.com
example.com |
www.example.com |
www.example.com |
www.example.com |
www.example.com
<no example.com included> |
Reference
1. Ballot 169 - Revised Validation Requirements