There are two domain validation policy changes expected to come before the end of this year that may affect how you validate your website information for certificate requests and prevalidated domains. We recommend that customers review when their domains expire and prepare for the changes this summer.
First, Mozilla and the CA/Browser Forum recently modified the reuse period for domain validation from 825 days to 398 days. This matches the change made last year to certificate validity periods. The change does not impact previously issued certificates but will impact any customer issuing a new certificate or rekeying or modifying a previously issued certificate where the validation information is older than 398 days. This change will apply to new requests, renewals and reissues for all TLS/SSL certificates. The change may also impact S/MIME certificates using domain validation rather than email-based verification.
While customers have several months to prepare for the change, we don’t recommend waiting until September to get started. Enterprises using pre-validated domain information should submit the information for revalidation before October to avoid unnecessary interruptions in automated certificate deployment. Note that EV certificates already require annual reverification, and, as such, are not impacted by this modification.
We suggest that customers revalidate domains in August using a DNS method to prepare for the change. When revalidating prior to October, customers should review which domain control validation (DCV) options they currently use, because additional industry changes may require a move to alternative DCV methods, such as DNS-based validation. Revalidating in this way will ensure that domains remain valid through the changes and provide the longest available timeframe before they need to be revalidated again.
DigiCert will no longer reuse validated domain information longer than 398 days and will require revalidation every 13 months starting Oct. 1, 2021. We recommend that customers set up a long-term strategy for domain reauthentication to ensure validation continuity.
It’s never been more important to stay on top of your certificate management, and as we’ve mentioned before, the old way of spreadsheets and notifications is no longer viable to keep up with industry changes and compliance demands. That is why we are working harder than ever behind the scenes to give you a better understanding of your validation snapshot. Log in to your DigiCert CertCentral® account today and navigate to the Domains page to review your domains, check on validation expiration dates and even trigger revalidation now in case you need a new certificate tomorrow. Combine your validation readiness with our Automation suite to ensure that you never experience downtime when uptime is critical.
CertCentral manages all TLS certificates throughout the certificate lifecycle. The award-winning platform features a rich automation suite, continuous updates and an API-based development structure for easy implementation into popular platforms and systems like ServiceNow.
With CertCentral, you can also take advantage of additional features to simplify certificate management, such as:
Current DigiCert customers can visit CertCentral to review when their domains expire and prepare to maintain validation. Additionally, feel free to reach out to your DigiCert account representative if you have further questions.