See information below about the Georgia Technology Authority’s involvement with domain names and SSL certificates. Should you have questions not addressed here, please email GTA’s Roger Cundiff or Brent Palladino.


Which domain names does GTA manage?

The second-level domains and, along with the legacy domain


What is GTA’s responsibility related to and

As manager of the two domains, GTA authorizes usage of any third- and subsequent-level domain names (e.g.,, under the and second-level domains. Any such sub-domains must be registered and approved through GTA.


What’s the difference (generally) between and domains?

– Used for public-facing websites.
– Used for internal applications, including email.


That said, not all agencies follow this convention, and constituents will not likely differentiate between and So, if you were setting up a domain, for example, it would be advisable to also set up and have it point to


Who can request a subdomain of and/or

State of Georgia government entities only. Further, any of those entities might request a subdomain for a statewide program (e.g., eligibility for assistance programs at, the state broadband program at


How do you request a subdomain of and/or

Contact your Agency Relationship Manager (ARM). A listing of ARMs by agency is available at .


Can you request other second-level .gov domains through GTA?

No, the .gov domain is administered by the federal General Services Administration (GSA). Requests for other second-level .gov domains must be routed through the GSA at The GSA requires approval from the state CIO or the governor before granting a second-level .gov domain. GTA’s policy is not to approve any new second-level .gov domains.


Can you request a new domain on

Generally we discourage this, but we will consider such requests on a case-by-case basis.


What is GTA’s role in SSL certificates for and domains?

GTA doesn’t resell certificates or hold any contracts with certificate authorities. All certificate authorities (e.g., DigiCert, Verisign, GoDaddy) must verify legitimacy of a certificate requestor before issuing an SSL certificate by contacting the domain owner. That requires the certificate provider to secure signoff from domain owner GTA.


How do SSL certificate authorities verify legitimacy of certificate requestors?

The certificate provider will contact the .GOV Helpdesk at 877-734-4688 to learn the Administrative Point Of Contact information for the domain of interest. That helpdesk is operated by the General Services Administration, which provides POC information verbally, not in writing. Then, the certificate provider contacts the Administrative Point of Contact to seek signoff for issuing an SSL certificate. See the verification process outlined at


Would a certificate authority ever try contacting GTA without having gone through the .GOV Helpdesk?

Occasionally a certificate provider will simply guess at the likely domain owner contact information and send emails to addresses like admin@, administrator@, hostmaster@, postmaster@, or webmaster@ requesting signoff for an SSL certificate. Be aware that if you’re dealing with a certificate provider who is guessing, you’ll want to get in touch with GTA and let us know where to look for the validation email.


How can you help expedite your request for an SSL certificate?

Notify GTA’s Roger Cundiff or Brent Palladino you have requested an SSL certificate from a particular certificate provider. GTA can then be on the lookout for a request for signoff from that provider.


Is https preferred to http for any new third- or fourth-level and domains?

Yes. The SSL certificate that accompanies https provides needed security through encryption. Best practice is to default all traffic to https. Browsers now flag http traffic as dangerous and prompt warning messages for end users (example: The federal government has set a policy that “all publicly accessible Federal websites and web services only provide service through a secure connection.” (


What naming conventions apply for new domains?

  • The requesting entity is responsible for ensuring it has a right to use the requested domain name.
  • Permissible characters are letters (all lowercase) and digits. No hyphens.
  • Obscene names are not permitted.
  • Names should take the form "" and “” where "yourorg" is a string of characters (usually an acronym). Also, “yourorg” should be fewer than 10 characters.
  • Third- and subsequent-level domain names may not use “georgia” again. For example, would not be permitted.
  • Fourth-level domains are usually reserved for divisions and offices within the entity registering the third-level domain, and should be used for entire portions of websites.
  • Individual webpages should have specific addresses (e.g., and should not be represented by an entire sub-domain.


Can an agency manage its own DNS and still have a or subdomain?

No. For any DNS servers that are not managed by GTA or GTA’s service providers, no third-level or subsequent-level domains or zones will be delegated and no zone transfers will be allowed.


For an application managed by a third party, can it use a or subdomain?

Yes. Use of DNS CNAME records will be allowed on the GTA-managed DNS servers that have an alias name pointing to domain name space that is not registered or managed by GTA. Note that zone root names such as may be incompatible for CNAME usage if they are also zone apex (aka root domain, bare domain). This is referenced in the DNS standard (RFC1033). In those cases it is recommended to use a server name (e.g., and not rely on the bare root name.
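
The apex restriction follows from two facts: a CNAME cannot share an owner name with other record types, and the zone apex always carries SOA and NS records. The check below is an added example, not GTA tooling; it reads a simplified "owner type value" listing, and every name in it is a constructed placeholder.

```python
from collections import defaultdict

# DNSSEC record types that are permitted alongside a CNAME at the same name.
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}

# Constructed sample in simplified "owner type value" form (no TTL or class fields).
SAMPLE_ZONE = """\
; placeholder zone for illustration only
yourorg.example.org.      SOA    ns1.example.org. hostmaster.example.org. 1 3600 600 86400 300
yourorg.example.org.      NS     ns1.example.org.
yourorg.example.org.      CNAME  tenant.vendor.example.net.
www.yourorg.example.org.  CNAME  tenant.vendor.example.net.
mail.yourorg.example.org. CNAME  mx.vendor.example.net.
mail.yourorg.example.org. TXT    "v=spf1 -all"
"""


def parse_records(text: str) -> list[tuple[str, str, str]]:
    """Split each record line into (owner, type, value); skip blanks and ';' comments."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        owner, rtype, value = line.split(None, 2)
        records.append((owner.rstrip(".").lower(), rtype.upper(), value.strip()))
    return records


def cname_conflicts(text: str) -> dict[str, list[str]]:
    """Return owner names where a CNAME coexists with a record type it may not share."""
    types_by_owner = defaultdict(set)
    for owner, rtype, _ in parse_records(text):
        types_by_owner[owner].add(rtype)
    conflicts = {}
    for owner, types in types_by_owner.items():
        clashing = types - {"CNAME"} - ALLOWED_WITH_CNAME
        if "CNAME" in types and clashing:
            conflicts[owner] = sorted(clashing)
    return conflicts


if __name__ == "__main__":
    for owner, clashing in cname_conflicts(SAMPLE_ZONE).items():
        print(f"{owner}: CNAME conflicts with {', '.join(clashing)}")
```

In the sample, the apex name and the mail name are flagged, while the www server name is a valid CNAME target for a third-party application.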


How do you order and validate an SSL certificate for a fourth-level domain (of the form or

For fourth-level domains, speak to someone about validation options first. If you choose domain (email validation), being fourth-level may cause verification delays since the certificate authority (CA) won’t be able to use a WHOIS query to determine the domain owner at the third (parent) level. Common practice among CAs is to guess email addresses commonly used at the third-level domain for generic website addresses. For example, the CA might email [email protected] or [email protected] to validate ownership for a certificate request for To avoid delays, either adjust the validation process per order so a named user will receive the domain validation request, or create the generic mailboxes likely to be used by your CA.
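
To see which generic mailboxes a CA might guess for a given certificate request, the added example below (not GTA tooling) lists the five guessed local parts mentioned earlier on this page at the requested name and at each parent, then reports which addresses are missing. It goes slightly beyond the third-level case described above by checking every level; the domain names, the `managed_parent` parameter and the mailbox inventory are constructed assumptions.

```python
# Local parts a CA may guess, as listed earlier on this page.
GUESSED_LOCAL_PARTS = ("admin", "administrator", "hostmaster", "postmaster", "webmaster")


def normalize(name: str) -> str:
    """Lowercase a DNS name and drop any trailing root dot."""
    return name.strip().rstrip(".").lower()


def validation_domains(fqdn: str, managed_parent: str) -> list[str]:
    """Return fqdn plus each parent obtained by pruning labels from the left,
    stopping at managed_parent (hypothetical parameter: the second-level domain)."""
    fqdn, managed_parent = normalize(fqdn), normalize(managed_parent)
    if fqdn != managed_parent and not fqdn.endswith("." + managed_parent):
        raise ValueError(f"{fqdn} is not under {managed_parent}")
    labels = fqdn.split(".")
    stop = len(managed_parent.split("."))
    return [".".join(labels[i:]) for i in range(len(labels) - stop + 1)]


def missing_mailboxes(fqdn: str, managed_parent: str, existing: set[str]) -> dict[str, list[str]]:
    """Map each candidate validation domain to the guessed addresses that do not exist."""
    existing = {addr.lower() for addr in existing}
    report = {}
    for domain in validation_domains(fqdn, managed_parent):
        candidates = [f"{local}@{domain}" for local in GUESSED_LOCAL_PARTS]
        report[domain] = [addr for addr in candidates if addr not in existing]
    return report


# Constructed inventory: only two generic mailboxes exist at the third level.
EXISTING = {"hostmaster@yourorg.example.org", "webmaster@yourorg.example.org"}

if __name__ == "__main__":
    report = missing_mailboxes("app.yourorg.example.org", "example.org", EXISTING)
    for domain, gaps in report.items():
        print(domain, "->", ", ".join(gaps) or "all guessed mailboxes exist")
```

Whoever reads one of these mailboxes can approve certificate issuance for the name, so each one that exists should have a known, accountable owner.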


Who at GTA can address additional questions about domain names and SSL certificates?

Email GTA’s Roger Cundiff or Brent Palladino.