GlobalSign is conveying the details and possible impact on the validity of some of our verified domains based on a recent CA/Browser Forum ballot related to the use of domain-approver emails obtained from WHOIS or Registry sources.
What Products are impacted?
All MSSL TLS products.
What's Changing?
This CA/Browser Forum ballot details the change and timeline, but to summarize:
- All domains validated via approver email addresses obtained from SOA DNS records or WHOIS cannot be used for issuance after July 14th 2025, as this entire domain validation method will be deprecated. We will disable new domain validations using approver emails obtained from SOA DNS records and WHOIS data prior to July 14th, 2025.
Recommended Actions
MSSL domains validated via these methods will have their expiration date set to July 14th, 2025 which will highlight them as expiring domains that can be renewed via a different method prior to this date.
TLS DV, OV and EV orders can re-use previously verified domains via these methods up until the effective date, and then subsequent orders will require the domains to be revalidated using one of the available domain validation methods via the Domain Validation Page (DVP).
If you have any questions, please don't hesitate to contact a member of the GlobalSign Support Team.