Skip to main content

Validating Domain Certificates in CERTInext

All Stanford domains must be validated by June 30, 2026.

InCommon has announced a transition from Sectigo to a new certificate authority, CERTInext. As part of this transition, Stanford domains that request or renew certificates through InCommon will need to be validated in CERTInext by June 30, 2026.

It is critical that you follow the steps below to validate the domain certificate by that date.

Steps to validate the domain certificate in CERTInext:

  1. Log in to the CERTInext portal.
    1. https://us.certinext.io/login
    2. Credentials: Stanford SSO
  2. Go to Domains.
  3. Locate your domain.
  4. Open the domain record and copy the TXT validation value provided by CERTInext.
  5. Work with your DNS administrator to add the TXT record to DNS.
  6. After the DNS record has been added and propagated, return to CERTINext and click Verify Now
  7. Confirm that the domain status changes to Validated.

Please take a look at the FAQs listed below. If you have any additional questions or need more information, feel free to submit a Help Request or reach out to the team at ssl-announce@lists.stanford.edu.

 

Frequently Asked Questions

What do I need to do as a domain administrator?

Validate the domain certificate in CERTInext by June 30, 2026, following the instructions above.

What is the deadline for certifying/validating the domain certificate?

June 30, 2026.

What happens if I miss the certification deadline?

If your domain is not validated by June 30, 2026, your existing SSL/TLS certificate should continue to work until its normal expiration date. However, you may not be able to request or renew certificates for that domain through InCommon/CERTInext until domain validation is completed.

Will my existing certificate stop working on June 30, 2026?

No. Existing certificates are expected to continue working until their normal expiration date. The June 30 deadline applies to completing domain validation in CERTInext so that future certificate requests and renewals can continue without interruption.

Who should add the DNS TXT record?

The TXT validation record must be added in DNS for the domain being validated. If you do not manage DNS directly, work with your DNS administrator or local IT support team to add the TXT record provided in CERTInext.

Do I need to validate every domain I manage?

Yes. Any Stanford domain that will request or renew SSL/TLS certificates through InCommon/CERTInext must be validated in CERTInext.

What status should I see after validation is complete?

After the TXT record has been added and propagated, return to CERTInext and click Verify Now. The domain status should change to Validated.

Last modified