The rules for validating Wildcard certificates have been adjusted

The CA/B Forum recently approved Ballot SC45 to address security holes in methods 3.2.2.4.6, 3.2.2.4.18 and 3.2.2.4.19 of the Baseline Requirements*.

These methods are based on HTTP-based control validation, which makes it possible to assert control only over a specific host or service, but not over the entire domain namespace.

Starting December 1, 2021, these methods should not be used to issue Wildcard certificates. Also, they should not be used as Authorization Domain Names for subordinate FQDNs of the verified domain.

Subscribe to our updates to keep up with the latest news from the world of SSL.

*You can read the basic rules at this link.