What You Need to Know About Comodo’s DCV Changes
Changes To Comodo’s Domain Validation Procedures Coming Next Week
Comodo will be improving their domain validation methods to meet new industry standards. This will result in small changes to how you validate your Comodo certificates, and will actually be a big improvement for those using file authentication.
Conceptually, these methods continue to work the same way. The implementations have just been tweaked slightly to comply with new industry standards and the end result is that the processes have actually gotten easier. Three cheers for security and simplicity!
The average user will not notice any impact on how they request and validate certificates, apart from a small tweak to the file path for file validation. But businesses that resell certificates or enterprises that automate deployment will want to consult the specific changes to make sure they are ready.
These changes take effect shortly – less than one week from today. Here is a quick summary of what’s changing so you can be prepared.
Validation Changes
Note that this only applies to Comodo. Symantec and Certum made similar changes earlier this year.
There are changes with two of the validation methods: File-based validation and CNAME (aka DNS) validation.
File Validation:
Things are getting much simpler. Before, there were different procedures depending on the type of certificate or the hostnames you wanted to protect.
Now there is just one rule. Place the file at the following path:
<domain.com>/.well-known/pki-validation/<MD5>.txt
Each certificate request will still receive a unique .txt file with a random-looking name (it’s really an MD5 hash of your request). Inside, the file will now contain a unique SHA-256 hash, with comodoca.com on a separate line underneath.
CNAME Validation:
As before, you can create a specified CNAME record to validate ownership of your domain. This value will still be provided to you, and you will create it in your DNS manager the same way.
The specifics of the record will change, though this really only affects those who like to familiarize themselves with every detail. There will now be an underscore (“_”) before the MD5 hash value, and SHA-256 hashes split into 32-character strings will now be used.
Here is an example of a new record:
_c7fbc2039e400c8ef74129ec7db1842c.<domain.com> CNAME c9c863405fe7675a3988b97664ea6baf.442019e4e52fa335f406f7c5f26cf14f.comodoca.com.
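For teams that automate deployment, here is a pre-flight check that builds the file location, file body and CNAME record in the new format from the MD5 and SHA-256 values supplied with a request, and compares a record read back from DNS against them. It is an added example, not Comodo's code; the function names and the example.com domain are assumptions, and the hash values are the ones from the sample record above.

```python
import re

CA_SUFFIX = "comodoca.com"  # CA name given in the article

def _check_hashes(md5_hex, sha256_hex):
    # Reject truncated or mistyped values before they reach a web root or DNS zone.
    if not re.fullmatch(r"[0-9a-fA-F]{32}", md5_hex):
        raise ValueError("MD5 value must be exactly 32 hex characters")
    if not re.fullmatch(r"[0-9a-fA-F]{64}", sha256_hex):
        raise ValueError("SHA-256 value must be exactly 64 hex characters")

def file_validation(domain, md5_hex, sha256_hex):
    """Return (location, body) for file-based validation."""
    _check_hashes(md5_hex, sha256_hex)
    location = f"{domain}/.well-known/pki-validation/{md5_hex}.txt"
    body = f"{sha256_hex}\n{CA_SUFFIX}"  # hash, then the CA name on its own line
    return location, body

def cname_validation(domain, md5_hex, sha256_hex):
    """Return (record_name, record_target) for CNAME validation."""
    _check_hashes(md5_hex, sha256_hex)
    # A DNS label is limited to 63 octets, so the 64-character SHA-256 hex
    # string cannot be a single label; it is carried as two 32-character labels.
    halves = (sha256_hex[:32], sha256_hex[32:])
    return f"_{md5_hex}.{domain}", f"{halves[0]}.{halves[1]}.{CA_SUFFIX}."

def _norm(name):
    # DNS names compare case-insensitively; tools differ on the trailing dot.
    return name.rstrip(".").lower()

def cname_matches(expected, observed_name, observed_target):
    """True if a record read back from DNS equals the expected pair."""
    return (_norm(expected[0]), _norm(expected[1])) == (
        _norm(observed_name), _norm(observed_target))

if __name__ == "__main__":
    md5 = "c7fbc2039e400c8ef74129ec7db1842c"  # from the article's example
    sha256 = "c9c863405fe7675a3988b97664ea6baf442019e4e52fa335f406f7c5f26cf14f"
    print(file_validation("example.com", md5, sha256))
    print(cname_validation("example.com", md5, sha256))
```
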
When Do I Need To Make These Changes?
These changes will take effect next Thursday, July 20, 2017.
For “retail customers,” who purchase directly from Comodo or from a reseller like us, you will automatically start receiving the updated files and instructions. Because these files and CNAME values are prepared by Comodo, you may not even notice a difference.
Resellers, enterprise customers, and other high-volume certificate users will need to spend more time preparing.
If you use a plugin or API to purchase your Comodo certificates, check with your provider what (if any) update needs to be made so you can be compatible with the changes.
Our resellers and enterprise users can update anytime between now and the 20th, which is the deadline for the switch. New versions of the plugins and updated API calls and documentation are available here.