Change when using FILE domain authentication
(24. 11. 2021) As a result of the CA/B forum's decision, verification using the FILE method on the CA side has changed. The FILEAUTH.TXT file on FTP can no longer verify the subdomain using the parent domain, but all forms specified in the certificate must be accurately verified. FILE authentication also cannot now be used for Wildcard domains.
The FTP file must be newly set for all domain forms included in the certificate order. Therefore, if the certificate is ordered for zoner.com and is to secure www.zoner.com at the same time as this domain, the FILEAUTH string must be set for both forms, i.e. for zoner.com and www.zoner.com.
Example of FILE method verification
It is now not enough to verify the higher-level domain (parent), but you must verify all the domain shapes included in the order (i.e. the form with the WWW is also verified separately).
Example of SAN verification in a certificate | Location of the verification file | Allowed for certificates before November 16, 2021 | Allowed for certificates issued after November 16, 2021 |
sslmarket.com | sslmarket.com | Yes | Yes |
sub.sslmarket.com | sub.example.com | Yes | Yes |
sub.sslmarket.com | sslmarket.com | Yes | No |
*.sslmarket.com | sslmarket.com | Yes | No |
www.sslmarket.com | sslmarket.com | Yes | No |
www.sub.sslmarket.com | sub.sslmarket.com | Yes | No |
Attention: For domain DV certificates, one string is enough for all SANs, which you will find in the order. For OV/EV authentication, you get a unique string for the verified subdomains.
Not sure how to verify your domain? We will help you
If you have any questions or feel that the verification is not going as it should, do not hesitate to contact us. However, due to this alternate verification’s increased difficulty, we recommend that you use DNS authentication instead.