New findings from CSC, a global leader in domain security, SSL management, brand protection, and anti-fraud solutions, show that up to 40% of enterprises could face unexpected service disruptions due to expired secure sockets layer (SSL) certificates. This risk is linked to their ongoing reliance on WHOIS-based email addresses for domain control validation (DCV), which will be officially phased out by July 15, 2025.

In its study of over 100,000 global SSL certificate records, CSC discovered that many organizations continue to use WHOIS email as their primary DCV method, despite the CA/Browser Forum’s 2024 decision to deprecate it due to its inherent security vulnerabilities. After the July 2025 deadline, certificate authorities (CAs) will no longer accept WHOIS-based validation, forcing companies to adopt alternative methods to avoid operational disruptions.

Alarmingly, 17% of organizations surveyed were unaware of their current DCV process, highlighting widespread gaps in visibility and preparedness among IT and security teams. CSC urges companies to audit their SSL certificate management workflows immediately and migrate to approved alternatives, such as DNS-based validation or file-based web token methods, to maintain seamless operations.

“WHOIS-based email has long been viewed as a straightforward, non-technical DCV option,” said Mark Flegg, CSC’s Senior Director of Technology, Security Products and Services. “Organizations that fail to transition to alternative validation methods face serious risks—from website downtime to critical service failures. Moreover, these changes are just the beginning. With the industry moving towards automation of certificate and validation management, enterprises need to start their preparation now to align with future requirements.”

Starting March 15, 2026, certificate validity periods will progressively shorten from the current 367 days to 200 days, then 100 days, and eventually just 47 days by 2029. Similarly, DCV reuse windows will reduce from 367 days to 200 days, then 100 days, and finally only 10 days by 2028. As a result, companies could face up to eight certificate renewals per year, with revalidation potentially required each time.

To help organizations navigate these significant changes, CSC has introduced its Domain Control Validation as a Service (DCVaaS). This new offering, available free for CSC clients, streamlines validation processes, dramatically reduces certificate renewal times by up to 99%, and alleviates the operational burden on IT teams.

Source: businesswire