GDPR and SSL

Due to the recent developments regarding the public WHOIS and GDPR, limiting the output of WHOIS Servers it has become somewhat more difficult to order an SSL certificate, as email address validation might in some cases no longer be an option due to such restrictions imposed by the GDPR.

Email Validation for DV (domain validated) SSL certificates can only be approved via the default mail addresses known as:

  • admin@example.com
  • administrator@example.com
  • hostmaster@example.com
  • postmaster@example.com
  • webmaster@example.com

For more information regarding the GDPR and the changes to the WHOIS output can be found:

The ICANN WHOIS system is gone, the process for a GDPR compliant WHOIS has started!

However, there are alternatives that are more in the spirit of Art 25 of the GDPR and do not require the processing of possible personal data through a public WHOIS.

These alternatives are:

  • HTTP(s) validation, also known as File based validation.
  • DNS validation.

Below a screenshot with more information how to validate HTTP(s) or via DNS validation for DV SSL certificates via Realtime Register. Navigate to “SSL certificates” on the left tab. Select “Positive SSL” or the “Positive SSL Wildcard” and click on next.

On the next page, you can provide the CSR and for which server software it concerns.

After filling in the CSR and selecting the server software, you can continue to the next page:

Where you can provide the period, contact-handle, validation method or dcvEmailAddress. For the validation method there is the possibility to choose between:

  • E-mail based verification
  • DNS based verification
  • HTTP(S) based validation (file based validation)

For doing the validation via DNS or File-based validation there is a complete documentation and how-to via https://support.comodo.com/index.php?/Knowledgebase/Article/View/791/0/alternative-methods-of-domain-control-validation-dcv

 

Privacy by default account setting.

Today we introduce a new account setting called:”Default Privacy Protect setting”, which you can access by clicking here.

Setting disabled.

When selected, domain name registrations and transfers will not use our privacy service automatically. This is how it used to work for years.

Setting enabled when free (and available)

When enabled all domain name registrations and transfers will automatically use our privacy service. Regardless if you use WHMCS, our API or the domain name manager.

A list of available TLDs that can be used for this service is located here.

We keep recommending this service as it is unknown if gTLD registries will continue to publish the data in the WHOIS or not. Several large gTLDs will no longer publish the WHOIS, similar to how we will operate our WHOIS server. But some of them most likely will keep publishing registrant data.

Enabled (when available)

Same as above but also will use privacy services that are not free of charge. Please check the price list in your account if that is the case.

Registration

When you register a domain name you can override your account settings if required. Select the desired action from the drop-down menu.

Current Customers.

At the moment the default setting is not active, as mentioned earlier. Due to the new ICANN contractual regulations that have been rushed out of the door on 17-05-2018 this week, we are reviewing the option to turn this on for all customers. I apologize in advance for any inconvenience this may cause.