Posts

3rd party SSL Certificates to Expire

All publicly trusted SSL Certificates issued to internal names and reserved IP addresses will expire by November 1, 2015.

In November 2011 the CA/Browser Forum (CA/B) adopted Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, which took effect on July 1, 2012.

The requirements stated:

  • CAs should notify applicants prior to issuance that use of certificates with a Subject Alternative Name (SAN) extension or a Subject Common Name field containing a reserved IP address or internal server name has been deprecated by the CA/B.
  • CAs should not issue a certificate with an expiration date later than November 1, 2015 with a SAN or Subject Common Name field containing a reserved IP address or internal server name.

To read the rest of the article from DigiCert click here.

What does this mean for you?

If you have a publicly issued certificate for a server/network resource using a name like:

  • web1
  • web1.internal-only-domain.com
  • web1.domain.local
  • web1.domain.internal
  • 192.168.x.x
  • 10.x.x.x
  • 172.16.x.x

That certificate will expire by Nov 1, 2015. This will most likely affect Exchange deployments, because many sites use internal domain names for their Exchange resources. Certificates issued by an internal CA will continue to work. The change only affects how third-party CAs issue and handle these types of certificates.
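To find the affected entries in an inventory of certificate names, the following added example (not from the original post or from DigiCert) classifies Common Name and SAN values as reserved IPs or internal names. The suffix list is taken from the examples above and the sample entries are constructed; a name under a public TLD such as web1.internal-only-domain.com cannot be judged by syntax alone, so it is reported as a plain FQDN for manual review.

```python
import ipaddress

# Non-public suffixes taken from the examples in the post (assumption:
# extend this set with whatever private suffixes your environment uses).
INTERNAL_SUFFIXES = {"local", "internal"}


def classify(entry: str) -> str:
    """Classify one CN/SAN value.

    Returns 'reserved-ip', 'public-ip', 'internal-name' or 'fqdn'.
    """
    value = entry.strip().rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        pass  # not an IP literal, treat it as a DNS name below
    else:
        # Anything that is not globally routable (10/8, 172.16/12,
        # 192.168/16, loopback, link-local, ...) counts as reserved.
        return "public-ip" if ip.is_global else "reserved-ip"

    if value.startswith("*."):  # wildcard certs: judge the base name
        value = value[2:]
    labels = value.split(".")
    # Single-label names and names under a non-public suffix are internal.
    if len(labels) == 1 or labels[-1] in INTERNAL_SUFFIXES:
        return "internal-name"
    # Public-TLD names still need a DNS/ownership check, not done here.
    return "fqdn"


def affected(entries):
    """Return the entries a public CA can no longer certify past Nov 1, 2015."""
    return [e for e in entries if classify(e) in ("reserved-ip", "internal-name")]


# Constructed sample SAN list, for illustration only.
SAMPLE_SANS = [
    "web1", "web1.domain.local", "*.domain.internal", "mail.example.com",
    "192.168.10.5", "10.1.2.3", "172.16.4.9", "172.32.0.1",
    "web1.internal-only-domain.com",
]

if __name__ == "__main__":
    for san in SAMPLE_SANS:
        print(f"{san:32} {classify(san)}")
```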

More information can be found at the following links:

SSL Certification: SHA-1 to SHA-2

Google’s Chrome web browser will be updating its requirements and phasing out support for SSL certificates signed with the older SHA-1 hash algorithm that expire after Dec. 31, 2015. This change may affect websites with SHA-1 certificates.

The following godaddy.com article will bring you up to date on the details and gives instructions on how to get a replacement certificate signed with the newer SHA-2 algorithm.

https://garage.godaddy.com/webpro/security/google-chrome-phasing-ssl-certs-using-sha-1/

With constantly evolving technology it’s important to stay ahead of the curve. By taking a proactive approach and upgrading your SSL certificate to the SHA-2 hash algorithm, you will be better securing your website and applications. We recommend you update your SSL certificate as soon as possible.