Partner Blog 06-01-2018

Improved Threat Detection, New SANs on old contracts, & GDPR


This week’s release introduces another set of changes to our platform, which you can find in the following paragraphs.

Malware Scan and Vulnerability Assessment

Early in May, we announced changes to the Malware Scanning and Vulnerability Assessment tools offered on various SSL certificate products within our Symantec Secure Site suite. Our scan results format has changed slightly, however we have maintained as much backwards compatibility as possible in scan result structure. Please verify your customers’ implementations to ensure continuity of threat detection.

Alongside these changes, we also announced our End of Sale (EOS) for our standalone GeoTrust Anti-Malware Scanning services. We’ll implement this EOS in our next release, where the ability to order the services through our portals and APIs will be removed.  Although we are no longer offering new service subscriptions, all existing subscriptions will continue to work until they expire.

Reviving old contracts just to add SANs?

Our process for adding one or more Subject Alternative Names (SANs) to an order from an expired contract (or from an out-of-credit bulk contract) seemed straight out of a zombie movie—like pulling a contract back from the dead—especially for partners from outside the United States.  Now we can avoid the undead by simply charging additional SAN(s) to a different contract.

Welcoming the Curaçao (CW) and Bonaire (BQ) Country Codes

Although the Netherlands Antilles (AN) dissolved into separate countries nearly 8 years ago, our issuance infrastructure only accommodated the country code of one former AN countries—Aruba (AW).  We’ve now caught up and accommodate Curaçao (CW) plus Bonaire (BQ) from the BES Islands municipalities. Welkom bij onze producten! 

Customer Notice for GDPR Impact on WHOIS

The recent global wave of email notifications about privacy (re)statements is finally subsiding, in the wake of the European Union’s implementation of its General Data Protection Regulation (GDPR).  However, there remains material concern about GDPR impact on WHOIS and resulting impact on email validation using WHOIS contacts.  To address this concern, we added this short note to the Partner Portal and the End User Portal for each page where Domain Control Validation is invoked:

General Data Protection Regulation (GDPR) and your certificates

The European Union’s General Data Protection Regulation (GDPR), in effect as of May 25, 2018, introduces policies that may prevent us from getting the proper domain contact email from your registrars. Your domain contact is a primary method to prove domain ownership for certificate requests and domain approvals. To learn more and make sure you continue to get your certificates promptly, visit our Note on WHOIS, GDPR and Domain Validation.  GDPR has no impact on valid certificates and domains.

Next Sprint: 7 June 2018

As mentioned in my previous blog post, today’s release took a little longer to accommodate some internal deadlines. To resume our original schedule, our next sprint will be a short one, ending under a week from now.  Working quickly in a short time, we’ll focus on finishing File authentication for DNS revocation plus several underneath-the-hood changes that might not even warrant their own blog post. Regardless, I intend to at least provide a “what’s next” update in my next post.

Stay tuned and keep that helpful feedback coming.


3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories


Digital Trust as an IT Imperative


The Seven Habits of Highly Trustworthy Devices


How the Smart Seal Displays Trust for an Innovative Provider of Quantum-Safe Security Solutions