SSL Certificates.

SSL Certificate Policy

Many registrants of domains wish to use SSL certificates to secure their websites. As the Registry cares about the security of its users and of the wider Internet, this is something that we recommend and support for all websites whether or not they process commercial transactions or receive and store personal information.

Not all SSL certificate authorities (CAs) are aware of the existence of a second-level registry system, so when they receive a request for “domain validation” SSL certificate for a domain such as, they incorrectly do a whois lookup on, and then send the authorisation email to the email address that appears in the whois record, and we receive the email.

Our policy is to forward or redirect SSL certificate authorisation emails that are received at this address to the email address of a contact for that domain in our database. We will not act to approve or reject any certificate requests, just forward them on to the correct recipient.

If the email bounces, no valid email is found for a domain contact, or the CA resends the email, we may review the website of the domain in order to find an appropriate email address to forward or redirect the email to.

Subject Alternative Names

Some SSL certificates include “subject alternative names” (also called subjAltNames). These are additional domain names that are included in the subject of the certificate and allow the the certificate to be used for multiple domains. reserves the right to proactively reject any SSL certificate request if a domain name appears in the subject alternative names that is:

  • not registered in our database, or
  • not registered to the same registrant as the registrant of the primary domain name of the request, or
  • not subordinate to the primary domain, or
  • not a subdomain of one of our registry domains

If you have any further questions relating to this policy, please contact us.

Back to Policies