URGENT: Domain Validation Changes that Impact Partners
The Certification Authority Browser Forum (CA/Browser Forum), is moving towards a standard set of clearly-defined domain validation processes.
In preparation for these updates, Symantec is making changes to its own domain validation procedures. The changes will apply to DV, OV and EV SSL/TLS certificates and will become effective on March 15th, 2017.
Between now and the middle of March, Symantec will be updating our FILE, DNS and WHOIS authentication methods available throughout SOAP and REST APIs These changes will impact all DV SSL/TLS products across all our brands.
Our EV, OV and Ready Issuance products will also be subject to icy changes. In practice, this will mean that Symantec will no longer support Professional Opinion Letters (POL) and practical demonstrations to approve domain names.
As a partner, you will be required to make the following changes:
- Modify your SOAP and REST APIs. In particular, you will need to amend your DNS and File Authentication workflows.
- Test your API updates to support the new domain validation processes in Symantec’s test environment which will be available beginning March 1st, 2017.
- Ensure your API updates are ready for production on March 15th, 2017.
We will be giving our partners two weeks to test all of the updates to their platforms. As the changes are aimed at supporting industry guidelines and best security practices, it is not possible for us to provide an extension to the dates. To keep pace with the schedule, we recommend that partners start testing the updates when we go live with our test environment on March 1st, 2017.
Please note that there will be no transition period, and starting March 15th, 2017, Symantec will only support the updated API implementations and domain validation processes. The changes are mandatory and failure to implement them risks breaking existing API implementations.
Please check this microsite regularly for any changes to the time line or any new updates.