From 19 August 2020, SECTIGO issues all SSL certificates with a maximum validity of 398 days (13 months) in order to comply with the requirements of the CA/Browser Forum. SSL certificates with a longer term must be reissued free of charge after each year (reminder by e-mail). SSL certificates issued before 19 August 2020 remain valid until their scheduled expiry date. Code signing and S/MIME certificates are not affected by the new rule and likewise remain valid until their scheduled expiry date.

To improve the security and reliability of certificate issuance, the CA/Browser Forum changed the standard file-based and DNS-based Domain Validation (DV) procedures. Ballot 169 (Revised Validation Requirements) was approved unanimously and requires CAs to adopt these new DV practices to stay in compliance.

Symantec recently announced these changes with an extremely aggressive timetable.

Symantec/GeoTrust/Thawte/RapidSSL - The following changes apply to all DV SSL Certificates and Encryption Everywhere Certificates:

File-based Authentication – this option lets you verify domain control by uploading a file, which the CA gives you, to a specific directory on the server.

1. Record Type changed from .HTML to .TXT

2. Random String Value doubled from 32 to 64 characters

3. File URL Path changed from <http:// or https://><root.tld>/<random file name>.html to <http:// or https://><root.tld>/.well-known/pki-validation/fileauth.txt

4. File Auth Time Stamp changed from “Time of order submission +/- 24 hours” to “Order date minus 7 days”

5. Shared Key Generation Process changed from “HMAC with SHA1” to “HMAC with SHA2”

6. Order, Reissue, and Revoke APIs changed from code “returned in response” to “removed from response”

DNS-based Authentication – this option lets DNS managers verify domain control by creating domain records with values given by the CA.

1. Record Type changed from CNAME to TXT

2. Random String Value doubled from 32 to 64 characters

3. DNS Value Location changed from "s<random string>.domain.com" to "random string in TXT record"
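
The following pre-flight check is an added example, not code from the CA or from this notice. It flags validation setups that still follow the old file and DNS rules listed above. The function names, the sample values, the assumption that the file body carries the random string verbatim, and the assumption that the TXT record sits at the domain name itself are all hypothetical.

```python
from urllib.parse import urlsplit

NEW_FILE_PATH = "/.well-known/pki-validation/fileauth.txt"  # path given in the notice
TOKEN_LEN = 64   # new random-string length (the old procedure used 32)

def _token_problems(token):
    if len(token) == TOKEN_LEN:
        return []
    return ["random string is %d characters, expected %d" % (len(token), TOKEN_LEN)]

def check_file_auth(url, body, token):
    """Problems with a file-based DV setup; an empty list means it matches the new rules."""
    problems = _token_problems(token)
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        problems.append("URL scheme must be http or https")
    if parts.path.lower().endswith(".html"):
        problems.append("old-style .html validation file, move to " + NEW_FILE_PATH)
    elif parts.path != NEW_FILE_PATH:
        problems.append("unexpected path, the CA fetches " + NEW_FILE_PATH)
    if token not in body:  # assumption: the file carries the string verbatim
        problems.append("random string not found in file body")
    return problems

def check_dns_auth(records, domain, token):
    """records: (name, type, value) tuples as returned by a resolver or zone export."""
    problems = _token_problems(token)
    found_txt = False
    for name, rtype, value in records:
        name = name.rstrip(".").lower()
        label = name[: -len(domain) - 1] if name.endswith("." + domain) else ""
        # Old scheme: CNAME at s<32-character random string>.<domain>
        if rtype == "CNAME" and label.startswith("s") and len(label) == 33:
            problems.append("old-style CNAME validation record: " + name)
        # Assumption: the TXT record sits at the domain name itself
        if rtype == "TXT" and name == domain and token in value:
            found_txt = True
    if not found_txt:
        problems.append("no TXT record containing the random string")
    return problems

# Constructed sample values, not real CA tokens
NEW_TOKEN = "a1b2c3d4" * 8           # 64 characters
OLD_TOKEN = "0123456789abcdef" * 2   # 32 characters

if __name__ == "__main__":
    print(check_file_auth("http://example.com/" + OLD_TOKEN + ".html", OLD_TOKEN, OLD_TOKEN))
    print(check_dns_auth([("s" + OLD_TOKEN + ".example.com.", "CNAME", "v.example.net.")],
                         "example.com", NEW_TOKEN))
```

Feed it the URL and body you actually serve and the records your resolver returns; any non-empty result names the old-procedure leftover to fix before ordering or reissuing.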

 


Saturday, March 11, 2017
