Call To Action

In a bid to create more awareness around COVID-19 Government has called on all .za domain name holders that have an associated website to create a landing page with a visible link to For more details see section 5.1.4 of Regulation No. 43164 published on 26 March 2020.

ZA SSL Requirements

Table of Contents

1. Authentication and available certificates
2. Minumum SSL requirements
3. Production server SSL requirements
4. How to generate an SSL certificate
5. Rolling SSL certificate procedure

Authentication and Available Certificates

The server requires dual SSL authentication, thus a certificate is required (X509).
The certificate can be either self signed or verified by a Certification Authority.

Please see the links below for OT&E and Production server Certificates if required. The certificates apply to the Co.Za, Web.Za, Net.Za and Org.Za namespaces.

OT&E Server Certificate


Co.Za Production Server Certificate


Web.Za, Net.Za and Org.Za Production Server Certificate

Minimum SSL Requirements

The certificate must be in X509 certificate format. Please do not submit a private key or a combination of private/public key.
The X509 certificate may be signed by a Certification Authority or the certificate can be self signed. An example of a certificate can be seen by downloading the file below:

Example X509 Signed Certificate

If the certificate that was provided has been loaded and installed on our end but there are still some SSL problems when connecting to our server, please log a ticket here and include the results of the following command:

openssl x509 -noout -in CERT_FILE -fingerprint -md5
where "CERT_FILE" is the certificate that you are using to connect.

Production Server SSL Requirements

Minimum SSL Requirements
The minimum requirements include:
1. A key strength/length of 1024 bits
2. A key with a maximum of 5 years of usage from creation, with a minimum of 1 year of usage

Recommended SSL Requirements
The recommended requirements include:
1. A key strength/length of 2048 bits
2. A key with a maximum of 1 year of usage from creation

How to Generate an SSL Certificate

The following is an example of how to generate an SSL Certificate.
The example assumes the use of a UNIX computer with command line access and openssl installed. 

Run the following in the command line:
1. openssl genrsa -out epp.key 1024
2. openssl req -new -x509 -key epp.key -out epp.crt -days 1095
3. cat epp.key epp.crt > epp.pem
The 1st command creates your private key.
The 2nd command creates the public certificate that you will upload to our portal.
The 3rd command creates the .pem file that the EPP example files make use of.
Once the key has been generated and you have been prompted by our system, upload the created epp.crt file. The epp.crt file is your public certificate.

DO NOT send us the .key or .pem file. Uploading either of these files will reveal your private key, rendering the use of SSL keys null. If either of the files are provided, a new key will have to be generated.
To create an SSL Certificate using a Windows computer, please install openssl from here
Run the following commands in the command line:

1. openssl  genrsa -out epp.key 1024
2. openssl req -new -x509 -key epp.key -out epp.crt -days 1095
3. type epp.key > epp.pem
4. type epp.crt >> epp.pem 

Once the key has been generated and you have been prompted by our system, upload the created C:\OpenSSL-Win32\bin\epp.crt file.

Rolling SSL Certificate Procedure

To rollover the current SSL Certificate, navigate to the Registrar Panel, then click on the namespace you would like to manage under the INTEGRATIONS heading.

Once you have selected the integration to be updated, use the options available under the "SSL Certificates" section of the content page

For all Live accounts you will see the active SSL Certificate loaded for the namespace. Subject, Validity, MD5 and SHA1 information is displayed.


Browse to your local SSL Certificate file for upload. Click submit and your cert will be uploaded and checked for validity. Only .txt , .crt, .pem, .cer and .cert files are permitted for upload. No Private Keys will be accepted!

If valid then the SHA1, MD5 and validity dates are displayed. Click Next to continue.

If successful, you will see the following message displayed "SSL Certificate successfully added".



Last update: 04-06-2020 12:46:43

festive season

As the end of the year approaches, please keep in mind the following information to avoid any frustrations over the holiday period.


Closure Date:

Our offices will be closed from the 21st of December 2020 and will reopen on the 4th of January 2021. We will have skeleton staff on standby to attend to urgent customer queries.


Contact details:
EPP and Legacy Support:
EPP and Legacy Accounts: 


Happy holidays and let us continue to maintain social distancing as we approach this peak time!




Technical Support

All issues and questions relating to the EPP Registry Registrar System must be raised in the Contact/Support pages through the Registrar Portal. This is to ensure that our support department tracks and addresses all issues. Log in to the Registrar Portal and submit a support request online.


Registrar Noticeboard

Click here for the latest status updates.