Changes to domain validation for SSL/TLS certificates

From Jan. 1, 2025, it will no longer be possible to use e-mail addresses from the WHOIS database for domain validation when applying for SSL/TLS certificates. This change applies to all Certificate Authorities (CAs) and is already being implemented by Sectigo, one of the largest CAs.

Why is this method changing?

WHOIS-based domain validation was used for many years to verify the rightful owner of a domain through email addresses in WHOIS records. However, stricter privacy regulations, such as GDPR, and the use of anonymous WHOIS data have made this method less effective. Therefore, CAs now offer more modern and secure alternatives, such as:

• Validation via generic email addresses (such as admin@, webmaster@)
• Validation via DNS records
• Validation via specific files on the web server (HTTP/HTTPS)

What does this mean for your clients?

As a reseller using our fully white-label solutions, it is important to be aware of these changes so that you can properly inform your customers. At OXXA.com, we support you in this process and make sure that you, and therefore your customers, can transition smoothly to the new validation methods.

How does SSL validation work from now on?

When renewing SSL certificates through the customer portal, we use admin@ email addresses for domain validation by default. Would you like to use a different email address? You can easily change this in the 'pending orders' section in your reseller portal.

Support for you as a reseller

We understand that changes can have an impact on your business processes. That's why our support team is here to help you. Whether it's questions about the new validation methods or assisting your customers with the transition: you can count on us.

Do you have any questions? Feel free to contact us at 088-750 7070.

To overview