The European Data Protection Regulation (GDPR) came into effect on 25th May and its impact on the management of your SSL certificates portfolio is not neutral.
All Certification Authorities have previously always relied on the WHOIS of the domain name that needs to be certified in order to validate that the certificate applicant has the domain name technical operator’s agreement.
In order to validate an order, one of the authentication steps involved sending an email to one of the email addresses (admin or technical) found on the WHOIS.
However, the GDPR has left its mark and registrars no longer have the right to provide domain name owner personal data without the owner’s explicit consent. This means that the WHOIS database is unusable in terms of Certification Authorities being able to send out validation emails.
Faced with this situation, the Certification Authorities propose sending domain validation emails to one of the following generic addresses by default:
admin@domain.com
administrator@domain.com
postmaster@domain.com
webmaster@domain.com
hostmaster@domain.com
What if none of these addresses exist or is it too complicated to create?
There is an alternative solution. The Certification Authorities are able to validate that you have the domain name technical operator’s agreement through TXT record verification in the DNS zone of the domain name to be certified.
By verifying the presence of this TXT record, the Certification Authority is able to:
- issue the certificate if it is a simple DV certificate (Domain validation)
- continue to the next authentication steps if it is an OV (Organization Validation) or EV (Extended Validation) certificate.
Even with this in mind, the GDPR is changing the game and is having a significant impact on the SSL industry.
If the generic email validation method is not possible and we have to use TXT record verification method then we will indeed see an increase in certificate processing times.
What are the benefits of using Nameshield to manage your SSL certificates portfolio?
As a Registrar, Nameshield offers a unique market advantage for its SSL clients.
Nameshield carries out a pre-authentication process before each order reaches the Certificate Authority. This makes it possible to anticipate any blocking factors and if necessary to act quickly to resolve them:
- Modification of a WHOIS
- Edition of the zone to set up a TXT record (if the DNS are those of Nameshield)
- Creation of alias admin @, administrator @, webmaster @, postmaster @, hostmaster @ (if the MX are those of Nameshield)
If you have any questions, please do not hesitate to call our dedicated SSL service.