Zimbabwean websites are not secure, banned from receiving security certificates (SSL)

Posted by Read 4 Comments

Zimbabwean individuals and business entities are now banned by the Certification Authority Browser Forum from receiving Extended Validation SSL, Organization Validation (OV), and Domain Validation (DV) certificates . 

SSL is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remains private and integral.

SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.

According to SSL.com to be able to create an SSL connection a web server requires an SSL Certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys – a Private Key and a Public Key.


The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) – a data file also containing your details. You should then submit the CSR. During the SSL Certificate application process, the Certification Authority will validate your details and issue an SSL Certificate containing your details and allowing you to use SSL. Your web server will match your issued SSL Certificate to your Private Key.

According to wiyre.com countries are usually banned or restricted when the country is experiencing a period of political unrest and the security of information traveling in and out may be compromised by the government or an outside entity.

For the potentially restricted countries–there can be a variety of reasons, one of them being that the company issuing you the SSL certificate could infringe a trade agreement by engaging in business with a website located in one of the restricted countries

The list of banned and restricted country-code top-level domains (TLDs) comprises of: AF Afghanistan; CI Cote d’Ivoire; CU Cuba; ER Eritrea; GN Guinea; IQ Iraq; IR Islamic Republic of Iran; KP Democratic People’s Republic of Korea; LR Liberia; MM Myanmar; RW Rwanda; SD Sudan; SL Sierra Leone; SS South Sudan; SY Syrian Arab Republic; ZW Zimbabwe.

The restrictions do not affect websites that already have SSL certificates, but any websites applying/applied for it as of March 2016 are being denied.

The list of banned countries Zimbabwe has found itself in is not the friendliest, although it is expected that the ban on Cuba will be lifted soon due to the lifting of their embargo by America. It is unfortunate that Zimbabweans are unable to secure their websites protecting themselves and the clients that visit the sites.

When conducting transactions online or transferring sensitive information it is important for the user to check the security status of the website.  Typically a secure website will look like this:


An insecure and potentially site may look like this:google-and-secure-sites




NetOne fires CEO Reward Kangai


Next deliberations on Zimbabwe's draft ICT legislation to be held Bulawayo, citizens urged to participate


  1. Patriotic Zimbo says:

    this is just an agenda uncovering itself. Most countries on the ban list are also under sanctions. I personally think that it is about the technology used on the websites rather than the domain. This is rubbish!!!

    1. mad says:

      kkkk true

  2. Tech Expert (TK) says:

    Thank you for the article Techzim.

    It’s not ultimate that Zimbabweans we can not acquire SSL certificates but it now depends with the vendor and the CA. For example with Comodo we can’t but with Geo Trust, Symantec, Thwart (All under Verisign) orders are decided on a case by case basis irregardless of region.

    so those who want SSL certificates can as well get them through the aforementioned CA.

    lastly not all websites require SSL certificates though. The emphasis of the article i think it was supposed to be biased to e-commerce websites not generalizing as it has been put across.

    The ban definitely is linked to the sanctions definitely by other CA.

  3. tinm@n says:

    Unless if things have changed as well, I had no issues with RapidSSL.

    It is quite likely that SSL communications are being intercepted by the Government in their pursuit to crack down on the social media activism.

    It would be a risk for them to certify such communications because of liability concerns. The natural action would be to ban any certification of traffic originating from countries that have intercepted communication.

Comments are closed.