MPIC Enforcement Date Set for September 13, 2025

To align with CA/B Forum compliance requirements and provide a margin of safety before the official September 15 enforcement deadline, Sectigo will transition to enforcement mode for Multi-Perspective Issuance Corroboration (MPIC) on September 13, 2025.

September 5, 2025

By Sectigo Team

What is changing?
Why is this change happening?
Who is impacted?
What action is required?
Key enforcement milestone

What is changing?

Sectigo is introducing Multi-Perspective Issuance Corroboration (MPIC) for Domain Control Validation (DCV) and Certificate Authority Authorization (CAA) checks. Certificate validation will now be confirmed from multiple independent global network locations instead of a single source.

Why is this change happening?

The CA/B Forum (Ballot SC-067) requires MPIC to mitigate risks such as BGP hijacking or network manipulation that could interfere with DCV/CAA checks. Validating from multiple perspectives strengthens the security and integrity of certificate issuance.

Who is impacted?

Customers requesting publicly trusted TLS certificates using DCV methods (DNS, HTTP, ACME).
Organizations using ACME-based automation.
S/MIME certificates will follow the same requirements in the near future.

Private CA or internal PKI certificates are not affected.

What action is required?

Most customers will not need to make changes. Just ensure your systems allow validation requests from multiple locations before enforcement begins.

Key enforcement milestone

September 13, 2025: Enforcement begins. If MPIC checks do not corroborate primary DCV or CAA results, certificate issuance will not proceed.

We recommend reviewing your infrastructure if you have custom validations or geographically limited validation paths. Most Sectigo customers will not need to make any changes.