What You Need to Know About Comodo’s DCV Changes
Changes To Comodo’s Domain Validation Procedures Coming Next Week
Comodo will be improving their domain validation methods to meet new industry standards. This will result in small changes to how you validate your Comodo certificates, and will actually be a big improvement for those using file authentication.
Conceptually, these methods continue to work the same way. The implementations have just been tweaked slightly to comply with new industry standards and the end result is that the processes have actually gotten easier. Three cheers for security and simplicity!
The average user will not notice an impact to how you request and validate certificates besides a small tweak to the file path for file validation. But businesses that resell certificates or enterprises that automate deployment will want to consult the specific changes to make sure they are ready.
These changes take effect shortly – less than one week from today. Here is a quick summary of what’s changing so you can be prepared.
Note that this only applies to Comodo. Symantec and Certum made similar changes earlier this year.
There are changes with two of the validation methods: File-based validation and CNAME (aka DNS) validation.
Things are getting much simpler. Before, there were different procedures depending on the type of certificate or the hostnames you wanted to protect.
Now there is just one rule. Place the file at the following path:
Each certificate request will still receive a unique .txt file with a random-looking name (it’s really an MD5 hash of your request). Inside, the file will now contain a unique SHA-256 hash and comodoca.com in a separate line underneath.
As before, you can create a specified CNAME record to validate ownership of your domain. This value will still be provided to you, and you will create it in your DNS manager the same way.
The specifics of the record will change, and this really only affects those that like to familiarize themselves with every detail. There will now be an underscore (“_”) before MD5 hash values and SHA256 hashes that are split into 32-character strings will now be used.
Here is an example of a new record:
_c7fbc2039e400c8ef74129ec7db1842c.<domain.com> CNAME c9c863405fe7675a3988b97664ea6baf.442019e4e52fa335f406f7c5f26cf14f.comodoca.com.
When Do I Need To Make These Changes
These changes will take effect next Thursday, July 20, 2017.
For “retail customers,” who purchase directly from Comodo or from a reseller like us, you will automatically start receiving the updated files and instructions. Because these files and CNAME values are prepared by Comodo, you may not even notice a difference.
Resellers, enterprise customers, and other high-volume certificate users will need to spend more time preparing.
If you use a plugin or API to purchase your Comodo certificates, check with your provider what (if any) update needs to be made so you can be compatible with the changes.
Our resellers and enterprise users can update anytime between now and the 20th, which is the deadline for the switch. New versions of the plugins and updated API calls and documentation are available here.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown