/
Changes in domain validation from 15 January 2025

Changes in domain validation from 15 January 2025

Owned by Sissel Hoel
Last updated: Dec 05, 2024
2 min read

 

Changes in domain validation

On June 14, 2023, we made changes to Buypass ID Manager to make it easier and more efficient for users to receive TLS certificates issued by automating what we call domain validation. At that time, we introduced the following ‘rule’; send email to domain contact obtained from NORID/WHOIS for .no domains and send email to predefined domain contact hostmaster@<domain> for all other domains. Also we made it possible to use DNS for domain validation for those who preferred that. All domain validations could be reused for Subscriber/domain for up to 398 days. Read more about these changes at Buypass ID Manager with improved support for domain validation from 14 June 2023.

From January 15, 2025, CA/Browser Forum introduces changes. It will no longer be allowed to use domain contact from WHOIS and it will not be allowed to reuse domain validations that were based on domain contact from WHOIS from before January 15, 2025.

What happens now?

Active domain validations that were based on domain contact from WHOIS (or DNS SOA) can no longer be used after January 15, 2025.

For .no domains, we will choose to send email to domain contact hostmaster@<domain> from January 15, 2025 unless there is an agreement to use another predefined domain contact or DNS for domain validation already or comes into place before a new domain validation is needed.

What should you do?

Make sure that hostmaster@<domain> exists and can respond to domain validations.

Or, choose another method of domain validation by contacting Buypass on https://www.buypass.no/produkter/tls-ssl-sertifikater/endre-metode-for-domenvalidering-av-tls-sertifikater:

  • DNS, or

  • Another predefined domain contact (choose one of admin@<domain>, administrator@<domain>, postmaster@<domain> and webmaster@<domain>)

More information

For more information on which domain validation methods are allowed to use, see CA/Browser Forum’s Baseline Requirements section 3.2.2.4: https://cabforum.org/baseline-requirements-documents/.

 

Related content