GDPR and SSL

Due to recent developments regarding the public WHOIS and the GDPR, which limit the output of WHOIS servers, it has become somewhat more difficult to order an SSL certificate: email address validation might in some cases no longer be an option because of the restrictions imposed by the GDPR.

Email validation for DV (domain validated) SSL certificates can only be approved via the following default mail addresses:

  • admin@example.com
  • administrator@example.com
  • hostmaster@example.com
  • postmaster@example.com
  • webmaster@example.com

More information regarding the GDPR and the changes to the WHOIS output can be found in:

The ICANN WHOIS system is gone, the process for a GDPR compliant WHOIS has started!

However, there are alternatives that are more in the spirit of Art 25 of the GDPR and do not require the processing of possible personal data through a public WHOIS.

These alternatives are:

  • HTTP(s) validation, also known as File based validation.
  • DNS validation.

The following steps describe how to validate via HTTP(S) or via DNS for DV SSL certificates via Realtime Register. Navigate to “SSL certificates” on the left tab. Select “Positive SSL” or the “Positive SSL Wildcard” and click on next.

On the next page, you can provide the CSR and indicate which server software it is for.

After filling in the CSR and selecting the server software, you can continue to the next page, where you can provide the period, contact-handle, validation method or dcvEmailAddress. For the validation method you can choose between:

  • E-mail based verification
  • DNS based verification
  • HTTP(S) based validation (file based validation)

Complete documentation and a how-to for validation via DNS or file-based validation are available at https://support.comodo.com/index.php?/Knowledgebase/Article/View/791/0/alternative-methods-of-domain-control-validation-dcv