Adapting to Industry Changes for Better Web Security
The CA/B Forum has voted to remove the file-based domain control validation (DCV) method for Wildcard certificates (e.g. *.domain.com) starting Dec. 1, 2021. So why the update?
The change was made in response to the concern that host-based control validation isn't a strong enough way to demonstrate that someone has control over a domain's entire namespace. Ultimately, this change improves security for subdomains and, therefore, for web users overall.
To be prepared and acclimated before the official start date, major CAs such as DigiCert and Sectigo will no longer allow file-based DCV for Wildcard certificates starting Nov. 15. After that, users can only use email and DNS validation methods to perform DCV for Wildcards.
What can you do to prepare?
1. Get your team ready. Make sure your dev and support teams are caught up on the update so they can update your system and provide customer support as needed after the change.
2. Get your website ready. For Wildcard purchases on your site, be sure to remove the option to use file-based DCV and also update any documentation on DCV methods.
3. Get your customers ready. With your team and system updated, you can make an announcement to all your customers or send a message directly to your customers who use the file-based method for Wildcards to let them know about the changes.