Ondersteuning LeaderSSL®: offline:
ma - vr 9:00 - 18:00 CET-tijdzone
Klantenservice Facturering:

Maandag - vrijdag:
9:00 - 18:00 CET-tijdzone

Technische ondersteuning:

Maandag - vrijdag:
9:00 - 18:00 CET-tijdzone

Bestelsysteem/certificaatuitgifte:

24 x 7

Nieuws

CA / B Forum updated IP validation methods

CA B Forum updated IP validation methods

The CA / B Forum, the regulator of the SSL industry, has passed adopted Ballot SC7, dedicated to updating IP validation methods.

Previously, Ballot 169 had been adopted. This included removal of method 11 (“Any other method”) from section 3.2.2.4. Instead of this method, explicit validation methods were indicated.

The new Ballot SC7 also proposes to delete clause 4 (“Any other method”) in 3.2.2.5 and specify instead an explicit list of IP validation methods.

Over time, it is planned that IP validation methods will be processed in the same way as domain validation methods.

List of major changes in Ballot SC7

A key change in Ballot SC7 is a complete update of Baseline Requirements section 3.2.2.5.

In particular, the section outlines allowed processes and procedures for validating ownership of the IP address specified in the certificate.

Short list of changes:

  • Before the certificate is issued, the certification authority must ensure that all IP addresses specified in the certificate have been verified using one of the valid methods outlined in 3.2.2.5.
  • From July 31, 2019, certification authorities should keep a record of which IP address verification method was used (with the addition of the appropriate version of the basic requirements).
  • Added item 3.2.2.5.1, to confirm control of an IP address through a token or a random value in the web page file of the site (in the /.well-known/pki-validation directory or in any other IANA registered directory).
  • Added clause 3.2.2.5.2, to confirm control over an IP address via email, fax, SMS, letter.
  • Added item 3.2.2.5.3 for reverse address lookup.
  • Method 3.2.2.5.4 (“Any other method”) should not be used to perform validation checks from July 31, 2019.
  • Added method 3.2.2.5.5, to confirm control over the IP address by making a phone call to the applicant (or sending a voice message).
  • Added method 3.2.2.5.6, to confirm control over an IP address by performing the ACME “http-01” procedure.
  • Added method 3.2.2.5.7, to confirm control over the IP address by performing the ACME “tls-alpn-01” procedure.

You can find on GitHub a complete list of basic requirements changes: https://github.com/dougbeattie/documents/compare/master...dougbeattie:SC14---Phone-validation-updates.

Subscribe to our newsletter to stay up to date with the latest changes from the SSL world and online security. 


Bent u klaar om het te proberen?


Ja! Laten we het gratis proberen!

Nog vragen?
Bel ons nu +31 20 7640722