Over the last couple of years, the CA/Browser Forum has been working to fine-tune requirements for Certificate Subscribers and Certification Authorities to ensure that the SSL/TLS certificate validation process is as secure as possible. While we view these updates as a good thing for the security of the internet as a whole, they can sometimes make an already complicated process even more complex for IT Security professionals applying for SSL/TLS certificates for their organizations. These changes to the verification process come at a time when SSL/TLS has already become a more complicated technology to deal with: consider the vulnerabilities related to server configurations that have come up over the last 5 years, industry requirements to implement new technical requirements such as Certificate Transparency and Certification Authority Authorization, and recent changes to the maximum certificate validity periods, just to name a few.

One of the most recent changes to the SSL/TLS guidelines was the deprecation of domain validation methods 1 and 5 on August 1st, 2018. As a result, organizations have fewer options for completing the validation process when applying for SSL/TLS certificates. The good news is that there are other enterprise-friendly options for performing domain validation, and we have the systems to support these methods in a way that is completely self-service for our customers. In fact, these industry changes to the verification process helped us accelerate the development of our verification platforms for our customers and resellers. What does all of this mean for IT Security professionals who have to deal with public certificates and the validation process that goes along with them?

SSL/TLS certificate validation is critically important for the overall security of the internet and online identities. Entrust Datacard has taken this seriously for more than 20 years. We are leveraging all of our industry expertise to provide our customers with the knowledge they need to navigate the future of identity and domain verification, along with the tools they need to be successful.

Certification Authorities can include different levels of identity in certificates, ranging from certificates that offer no identity and only provide encryption to certificates that offer very strong identities along with encryption capabilities. In general, obtaining an SSL/TLS certificate with identity information requires the following checks to be completed:

  • Proof that the applicant has control over the domain name in question where the certificate will be presented, for example, entrustdatacard.com.
  • Validation of the organization behind the website and the certificate subscribers.

Entrust Datacard has been working diligently over the last year to make this process as easy as possible for our customers while maintaining strict standards. We have made, and will continue to make, significant investments in our verification systems to make the process more seamless for legitimate organizations, while striving to make our process impossible to crack for attackers.

One area where we have been able to provide self-service verification is the domain validation process, where you are asked to provide proof of domain control. With the methods that are currently available in the CA/Browser Forum guidelines, this requires you to take some action to prove control. Our systems have been designed to facilitate this process and to put you in full control of it.

If your organization is the legitimate owner of a domain, our self-service domain validation methods make it easier than ever to complete the domain validation process, even in the middle of the night or on weekends, as long as you have already completed the business verification process.

We plan to discuss the importance of online identities and recent updates to our verification processes in an upcoming webinar on October 10th, 2018 at 11am EST. We hope that you can join us to see what changes we have made to our systems over the last year and to get a preview of what is to come in the near future.

Webinar Details

Domain Validation Methods are Changing – Learn How New Validation Methods Put You in Control
Date: Wednesday, October 10th
Time: 11:00am EST


Dathan Demone
Dathan has worked in the public key infrastructure and digital certificate industry for almost 15 years, focusing on SSL/TLS certificates and Certificate Management solutions. Dathan is currently a Sr. Manager at Entrust and is responsible for the Certificate Verification Services organization. In his previous roles, Dathan served as a Product Manager, with a focus on delivering new products and services to Entrust Datacard clients and partners. Prior to his role as a Product Manager, Dathan also worked as a Technical Sales Consultant, where he spent many years working directly with customers to provide certificate-based security solutions to organizations around the world.