Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Reduce the Domain Validation time with Symantec Automated Authentication Process
1. The Symantec API offers the capability to authenticate
DV SSL/TLS Certificates via File and DNS Authentication:
a Partner Solution with many benefits.
Symantec’s new authentication capabilities, available through
our API, have been designed to drive faster issuance times.
This will remove the customer as the bottleneck from the
manual approval process and thereby support higher renewal
rates and provide a better customer experience, whilst reducing
SSL/TLS management costs for partners.
Symantec’s API provides capabilities to support automated
SSL/TLS lifecycle management and offers automated
authentication capability through DNS Auth and File Auth
that support automated Enroll, Revoke, Reissue and Cancel
Workflows which are fast, simple and flexible.
Symantec’s new authentication capabilities provide partners
with a more efficient authentication process that offers
benefits for both partners and customers:
Faster and simpler domain
validation for partners
Cut domain validation time to just seconds while increasing
customer satisfaction with the Symantec Partner API and
Automated Authentication process.
Symantec provide authentication practices through a variety of WHOIS, File and DNS authentication capabilities.
Traditional WHOIS authentication relies on manual processes that require user intervention and can lead to lower
adoption rates, lower success rates, higher time for cert issuance and hence higher complexity for partners
to offer their package/bundle to the end customer. With the Symantec Partner API, the automated workflow
will reduce issuance time and even allow instant issuance at lower costs for Symantec Website
Security Partners.
Faster and more efficient
Seamless automation
Increased renewal rates
No reliance on manual interaction
Less costly follow ups
24/7 support
Simple and easy to integrate with necessary API
documentation and code library
Less error prone
Support for Reissue, Revoke, Cancel in addition to
Enroll which makes it easier for partners not only
to enroll but also to manage complete life cycle
HOW DOMAIN VALIDATION WORKS
Requestor submits order and an email is
automatically generated to user's inbox for approval
If email is not responded to, Symantec representative
has to manually verify with requestor
If any of these steps cannot be completed by email,
authorisation phone calls are required to verify the domain
name and ownership
Symantec completes a WHOIS lookup for the domain
name to verify the ownership
Requestor receives and approves email
Manual Process
As demonstrated in the diagram above, a manual process can
include a number of human interactions in order to process the
order. This could lead to delays in order processing, lapsing of the
certificate validity (certificate expires) or multiple order cycles to
account for any human error.