Private Key Security and Use Policy
DNSimple Corporation is an SSL certificate reseller. As a service to our customers we provide Certificate Signing Request (CSR) generation via our website and our API. As part of this process, we generate a private key for use in the CSR generation. For CSRs generated in this fashion, the private key is stored in DNSimple's systems.
Private keys are stored using strong, modern encryption, using the ChaCha20-Poly1305 algorithm, and are only decrypted when requested by the customer either for direct download via the DNSimple website or API. Private keys are never presented in HTML pages, they are only available as a file download to customers. The transmission of a private key, either via API or the website, is always secured by an HTTPS connection.
Private keys are only accessible to customers once a certificate is issued. Once a certificate is issued the customer may delete the private key from our system via the DNSimple website or API. If a private key is not deleted by a customer, then we may retain that private key indefinitely.
For certificates issued by Sectigo, customers may choose to submit a CSR that they generated as an alternative to having DNSimple generate the CSR. In this case, private key material is never provided to DNSimple. We will never ask for your private key material to be sent or uploaded into DNSimple.
Last modified: March 28th, 2018