Changes to Domain Validated Authentication Methods

  Print
Please Note: These changes do not affect certificates already issued and installed.

This article covers important changes to how the Domain Validated Authentication process works for customers using File and DNS Authentication methods.

The following SSL/TLS Certificates are affected by this update

  • RapidSSL
  • RapidSSL Wildcard
  • QuickSSL Premium
  • QuickSSLPremiumMD
  • SSL123
  • Encryption Everywhere Certificates
DNS Authentication Changes

Previously when an order was placed using DNS Authentication we returned a DNS string that had to be put into a CNAME record. Instead we will require the DNS string to be placed in a TXT record.

During the order process we will return a DNS string. Simply create a TXT record on your domain with this string.

For the API this will be returned as

The following API values will no longer be returned


File Authentication Changes

Previously when an order was placed using File Authentication we returned both a File name and File contents. This File then had to be uploaded to your website. The file name is now being standardised across the industry. The file location will always be

/.well-known/pki-validation/fileauth.txt

During the order process we will return a File content.

For the API this will be returned as

The will no longer be returned.

Encryption Everywhere Changes

We have already deployed the File Authentication changes for Encryption Everywhere to both TEST and LIVE environments. These use the new File name and contents and work now.

The DNS Authentication changes will be as above.

We recommend that you DO NOT place any Encryption Everywhere orders on 15 March 2017 until we confirm the systems have been updated.

Note For Resellers

The TEST system will be updated to support the new authentication methods very soon. We will notify you when this is in place.

Functionality Removed from APIv1

For Resellers still using APIv1 from 15 March 2017 we will no longer support DNS or FILE Authentication using this method. There has been significant changes and enhancements to these methods which would require a rewrite of the APIv1 code. As previously notified APIv1 is no longer updated. Resellers should move to APIv2 to continue using DNS and FILE Authentication.



Related Articles