MPIC

August 20, 2025 16:41

MPIC stands for Multi-Perspective Issuance Corroboration and is a new security enhancement for SSL certificate issuance. It improves upon the traditional domain control validation by requiring checks from multiple independent networks and perspectives. This mechanism brings additional safety by ensuring that a certificate's issuance is corroborated from multiple, independent vantage points rather than one single point of view.

This update affects the following validation methods:

HTTP / HTTPS file upload validation
DNS CNAME validation

Existing certificates are not affected by this update.

When does MPIC kick in?

From September 15th, 2025, every new certificate will use MPIC for domain control validation.

Will this affect me?

For most users, this will be a seamless update - and no changes will be needed here. As usual, the domain control validation files and CNAME entries will need to be publicly reachable / visible. The usage of the ZeroSSL.com platform and service remains the same.

How does it work?

For you as a ZeroSSL user, nothing significant changes and the service functions exactly the same. On our side, it means that the validation as well as the CAA records check is performed from at least two, and up to six independent perspectives.

Why was this update made?

The decision follows new requirements of the CA/B Forum, the leading authority for public key infrastructure (Ballot SC067). The decision was made to increase security and prevent misuse.

Potential validation problem troubleshooting

HTTP file upload validation: Please keep in mind that the validation URL has to be globally, publicly accessible. You can use the following tool to check for reachability from multiple locations: URL reachability check

CNAME validation: The CNAME entry would need to be fully propagated for validation to complete successfully. You can use the following tool to check CNAME propagation: DNS propagation checker

Chatbot Disclaimer

Data Usage