The CA / B Forum voted to remove the validation method that uses a test certificate (3.2.2.4.9)

The CA / B Forum, the regulatory authority of the SSL certificate industry, adopted Ballot SC15 related to the deletion of validation method 3.2.2.4.9 by a majority vote.

In method 3.2.2.4.9, the following was noted: control of domain ownership by the applicant can be verified by issuing an unexpired test certificate for the domain name. This certificate must be available to the TLS certification authority through an authorised port in order to issue a certificate with the same public key as in the test certificate.

Method 3.2.2.4.9 will be removed due to the fact that it is unsecure – often, web hosting uses the same IP address for multiple domain names.

This method will no longer be used to validate and issue certificates.

Subscribe to our newsletter to keep up to date with news from the world of SSL and online security.