Removing upcoming gTLDs used as Internal Server Names

What are gTLDs?

The new generic Top Level Domain (gTLD) Program designed by the Internet Corporation for Assigned Names and Numbers (ICANN) aims to increase competition and choice in the domain name space. As it stands today, there are currently around 25 gTLDs available (.com, .org, .net, etc.), but soon there is likely to be hundreds, including .shop, .global, .office to name a few. ICAAN openly publishes a list of all new gTLDs under consideration and those that have been approved and made operational.

How New gTLDs Affect New SSL Certificates

Guidelines outlined by the CA/B Forum Baseline Requirements, with which Certificate Authorities such as GlobalSign have to comply, state that a CA should not issue certificates containing a new gTLD under consideration by ICANN as an Internal Server Name.

The Impact on Existing SSL Certificates

Within 120 days after the publication of a contract for a new gTLD, CAs must revoke each certificate containing a domain name that includes the new gTLD as an Internal Server Name, unless the subscriber is either the domain name registrant or can demonstrate control over the domain name. In accordance with these guidelines, GlobalSign will revoke all affected certificates.

GlobalSign’s Actions and Recommendations

To ensure the continued security of websites, servers, and networks, where an SSL Certificate contains a new gTLD as an Internal Server Name, GlobalSign is actively encouraging the SSL Certificate owner to update the certificate by removing the gTLD used as Internal Server Name as soon as possible prior to the release of the new gTLD. This will guarantee that when the new gTLD is released, that certificate will not have to be revoked by the CA, potentially affecting security services.

If you are an existing GlobalSign customer that will be affected by the release of a new gTLD, you will be contacted accordingly. If your SSL Certificate is from another provider, we would encourage you to contact them directly.