System Announcements

13 March 2018 - TLS & SSL Certificate Strengthening for gTLD Registrars

Please update your gTLD EPP connections to TLS 1.2 and ensure your SSL certificates are valid and signed by a well known Certification Authority (CA). Both changes will now be deployed on 13 March 2018. The following changes will deprecate older versions.

  1. Strengthened TLS requirements for EPP connections
  2. Strengthened SSL certificate requirements

The TLS change is in line with recognised best practice for EPP connection security levels and we strongly advise registrars to now check that they are using TLS 1.2 or higher for all EPP connections. Registrars are encouraged to test their connections using the gTLD testbed (Operational Test and Evaluation - OT&E).

From 13 March 2018 you will need to use TLS 1.2 or higher for your EPP connections and connections attempted using lower TLS levels will fail. 

From 13 March 2018 it will no longer be possible to make an EPP connection where the client SSL certificate is invalid or missing. Certificates must be signed by a well know Certificate Authority (CA) and be valid (i.e. not expired or self-signed). We advise registrars to review their certificate signing and renewal processes to ensure that their certificates are valid. 

If you have any questions regarding this system update, please contact our customer services team on +44(0)1865 332481 or via email.

Date Announced: 
Friday, November 10, 2017 - 13:19