Verisign SSL Certificates,SSL Security Certificates,Security Certificates
Secure Server, Certificate Authority, Trusted Certificate,
Trusted Certificate, Microsoft Certificate, Secure Web Server,
Apache SSL Virtualhost, SSL Certificate Generator, SSL Certificate Generator Gujrat,
Private SSL Certificate Mumbai, Certificate Authority India, Certification Authority Certificate,
Certificate Authority, Microsoft Certificate, Private SSL Certificate India,
Code Signing Certificate, Code Signing Certificate Maharashtra, CSR Certificate Mumbai,
Digital Certificate Mumbai, Digital Certificate India, Cheap SSL Certificates Maharashtra,
Digital Certificate, Encryption Certificate, Entrust SSL Certificate Delhi,
Verisign SSL Certificates,SSL Security Certificates,Security Certificates
 

To Respected Associates,

***ATTENTION: The information presented below encompasses important details pertaining to changes that may need your immediate consideration, if you are using our plug-ins or REST API***

Summary

In order to take certificate issuance to the next level of accuracy, some modifications have been implemented to standard as well as DNS-based Domain Validation (DV) process.

Well! Change is good, if it results good. Right? These changes are made by the top-notch certification authority, Symantec, which brought Ballot 169 – Revised Validation Requirements in the picture. It is a document that contains the legitimate guidelines, required to complete the validation process with more clarity for issuing digital certificates.

Compliance plays a significant role to streamline any workflow management, and the information contained in this ballot helps CAs to follow the required authentic guidelines for certificate issuance.

Be it any process, excellence is not attained overnight. The process of forming these guidelines was time-consuming as they required loads of analysis. But, being a trusted player in the PKI industry, we thought of communicating all these changes to you right away, which can be helpful for you as well as your customers.

Quick actions matter the most in the success of any business vertical, and we appreciate the swiftness of Symantec for immediately conveying this information to us. Believing in the same principal; we, at mysslonline have been performing quick updates to our APIs, systems, documentation, and workflow management for our re-sellers and their prospective clients.

However, these updates do not make any change to the process of email based validation. In other words, the guidelines mentioned in the Ballot 169 do not apply to the email based validation. Our IT teams have been continuously burning their midnight oil to complete this phase of transition. As of now, you can test these changes in our sandbox platform, which is also known as a testing environment.

We comprehend that implementing these changes on a short notice will indeed be an uphill task, but in order to stay synchronized with the evolutions in the PKI industry, it was a mandatory move. Please be informed that if you are using the obsolete APIs/plugins or unable to perform these changes, you may encounter validation issues. This situation may hamper your business process as well as customer’s experience.

These changes apply to all partners associated with Symantec, RapidSSL, GeoTrust, and Thawte.

To stay away from hassles related to File and DNS-based authentication, it is recommended for partners to adhere these API changes in their live practice. Here is the effective date related to this update:

  • Symantec/GeoTrust/Thawte/RapidSSL - March 15th, 2017

Methods that are Impacted by the Ballot 169

Through the rigorous analysis of Symantec/GeoTrust/Thawte/RapidSSL, some useful changes to file and DNS based authentication are made. They need to be followed for completing the validation process. If you are in the quest of understanding it in detail, clicking Symantec ’s Detailed Information will certainly solve your purpose. However, we have jotted down the following highlights, which could be understood within no time:

File Based Authentication Method: It is one of the most common types of authentication wherein you need to upload a file to a specific location (directory), which is provided by your Certificate Authority (CA). This procedure is used for quickly verifying the domain authority of any user. Here are the updates applied to this methodology:

  • The record type has been changed from .html to .txt, which means now you need to upload a txt file for the validation purpose.
  • Random string value is increased from 32 to 64 characters
  • The file url path has been changed to “http:// or https://>/.well-known/pki-validation/fileauth.txt” now.
  • File Auth Time Stamp has been changed from “Time of order submission +/- 24 hours” to “Order date minus 7 days”. It means that the string will remain valid for 7 days, which used to be 24 hours in the past.
  • The process of shared key generation is changed from “HMAC with SHA1” to “HMAC with SHA2”
  • APIs related to order, reissue, and revoke changed from the code “ returned in response” to “removed from response”

Domain Based Authentication Method: This is another intelligent method, used for validating the domain authority of any user. This authentication is usually performed by DNS managers wherein they create domain records through the string value (cname) provided by Certificate Authority (CA). The updates made to this process are presented below:

  • The record type, which used to be CNAME has been changed to TXT.
  • The random string value has been modified from 32 to 64 characters.
  • DNS value location is changed too. It is “random string in TXT record” now, which happened to be “s .domain.com“ before.

Please click here if you want to go through further details along with questions related to these amendments.

Expectations from Our Partners

  • Regularly update your APIs and Plug-ins.
  • Verify if updates in your APIs are made appropriately by checking them in our testing environment.
  • Make sure to implement the changes in your production line per dates mentioned.

This document includes the information, which may be required to understand the updates made to the certificate validation workflow. In case you come across any other question, please feel free to revert on our email, mail@jnrmanagement.com

Best Regards,

The mysslonline Team