What Products are impacted?
All MSSL TLS products.
What's Changing?
This CA/Browser Forum ballot details the change and timeline, but to summarize:
As of January 15, 2025 CAs must not re-use domains validated with approver email addresses obtained via any method other than the WHOIS protocol. GlobalSign has been using direct communication to registrar hosted web sites on a case-by-case basis because many registrars limit what data they return via WHOIS for privacy reasons. Domains that were approved via this method will be expired on this date.
As of 15, July, 2025, all domains that used WHOIS-provided approver emails for validation will be set to expire on this date as this entire domain validation method will be deprecated.
Recommended Actions
Please monitor the expiration dates of domains in your account and re-validate them prior to January 15th to avoid uninterrupted certificate issuance for those domains. We recommend using a method other than WHOIS-provided email addresses since domains using that method will all be prohibited by July 15th, 2025. Customers that prefer email-based domain validation should review this article, Using DNS TXT records for specifying Domain Approver emails: GlobalSign Support, that outlines a new method we recently released.
GlobalSign will be disabling all domains that are validated via WHOIS-provided emails and customers should use one of the preferred methods for validation; details can be found in the article above.