CentralNic's Policy on SSL Certificate Requests
Last updated: November 10, 2011
Many registrants of CentralNic domains wish to use SSL certificates to secure their websites. As CentralNic cares about the security of its users and of the wider internet, this is something that we recommend and support for all websites that process commercial transactions or receive and store personal information.
Unfortunately, not all SSL certificate authorities (CAs) are aware of the existence of a second-level registry system under our domain extensions, so when they receive a request for "domain validation" SSL certificate for a domain such as example.uk.com, they incorrectly do a whois lookup on uk.com, and send an authorisation email to the email address that appears in the whois record, and we receive the email.
Our policy is that all SSL certificate authorisation emails that are received at this address are forwarded to the email address of the registrant in our database. We will not act to approve or reject any certificate requests, just forward them on to the correct recipient.
If the email bounces, no valid email is found for the registrant, or the CA resends the email, then we will access the website of the domain and find an appropriate email address to forward the email to.
Subject Alternative Names
Some SSL certificates include "subject alternative names" (also called subjAltNames). These are additional domain names that are included in the subject of the certificate and allow the the certificate to be used for multiple domains.
CentralNic reserves the right to proactively reject any SSL certificate request if a domain name appears in the subject alternative names that is:
- not registered in our database, or
- not registered to the same registrant as the registrant of the primary domain name of the request, or
- not subordinate to the primary domain, or
- not a subdomain of one of our registry domains
If you have any further questions relating to this policy, please contact us.