Dear RA admins,
(apologies for double posting)
Please find important information from QuoVadis
DigiCert + QuoVadis attached.
We expect to see the
"details of the certificates requiring replacement"
mentioned in this update soon, and will
forward any such information immediately.
Thank you for bearing with us.
Andres Aeschlimann, Teamleader Trust & Identity
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 15, direct +41 44 268 15 75
Working for a better digital world
> Begin forwarded message:
> From: "DigiCert" <QVCC(a)digicert.com>
> Subject: Important information regarding QuoVadis TLS/SSL Issuance
> Date: 6 August 2020 at 09:00:18 CEST
> To: andres.aeschlimann(a)switch.ch
> Reply-To: "DigiCert" <QVCC(a)digicert.com>
> If you are having trouble reading this email, read the online version <https://app.updates.digicert.com/e/es?s=1701211846&e=282214&elqTrackId=9f7f…>.
> IMPORTANT UPDATE
> Dear customer of DigiCert + QuoVadis:
> We are writing as you are listed as an Administrator or Subscriber on the TrustLink platform to alert you of several changes taking place in your TLS/SSL service. We thank you for your business and cooperation.
> Change to One Year TLS/SSL Validity
> Due to changes in browser requirements, QuoVadis will change to 397 day maximum validity for public TLS/SSL on August 27, 2020 at 23:59 UTC. 397 days equates to one year validity plus limited time to accommodate early renewals. After the change, the new policies will be automatically available in customer accounts.
> This change affects all CAs industry-wide. It applies to Business SSL (OV), EV, and Qualified Web Authentication certificates.
> Two-year certificates issued before the August 27 changeover will continue to work in browsers.
> This change does not affect other certificate types including code signing, document signing, client, S/MIME certificates, or private TLS/SSL.
> Retiring the OU field for public TLS/SSL
> QuoVadis will turn off the Organizational Unit (OU) field for all new public TLS/SSL certificates starting on August 30, 2020 at 23:59 UTC. This will affect new, reissued, and renewed certificates. Existing certificates with OUs are not affected (and do not require revocation or replacement).
> The OU field is an optional field used to enter metadata in a certificate. Typically, customers use this field to indicate a department, service, or location such as “Dev Ops Team” or “Fortinet Firewall 002.” However, this field has standards limitations and cannot contain trademarks and other types of information. Industry-wide there have been issues with non-compliant information in the OU field; we and other CAs are taking proactive steps to resolve the issue.
> Required replacement of certain TLS/SSL Certificates
> An issue regarding the use of the OCSP Signing EKU in issuing CAs is affecting hundreds of CAs in the industry including QuoVadis (see more at https://www.digicert.com/blog/working-with-delegated-ocsp-responders-and-ek…) <https://app.updates.digicert.com/e/er?om_ext_cId=dc_email_7010z000000ynxCAA…>.
> If you have EV TLS/SSL issued from the following CAs, those certificates will need to be replaced in the coming months as the CAs and their related end entity certificates will be terminated. Your account manager will contact you individually to provide details of the certificates requiring replacement.
> Affected CAs and replacement:
> QuoVadis Europe SSL CA G1 – must be replaced before September 29, 2020
> QuoVadis EV SSL ICA G1 – must be replaced before September 29, 2020
> QuoVadis EV SSL ICA G3 – must be replaced before December 30, 2020
> New, compliant issuers have been created and policies are available in TrustLink. Replacement certificates from the new CAs will be issued without charge. The new CAs are:
> http://trust.quovadisglobal.com/quovadiseuropeevsslcag1.crt (replaces QuoVadis EV SSL ICA G1 and G3) <https://app.updates.digicert.com/e/er?om_ext_cId=dc_email_7010z000000ynxCAA…>
> http://trust.quovadisglobal.com/quovadiseuropesslcag2.crt (replaces QuoVadis Europe SSL CA G1) <https://app.updates.digicert.com/e/er?om_ext_cId=dc_email_7010z000000ynxCAA…>
> DigiCert’s Award-Winning CertCentral
> The TrustLink certificate management platform for TLS/SSL will ultimately be replaced with DigiCert’s award-winning CertCentral <https://app.updates.digicert.com/e/er?om_ext_cId=dc_email_7010z000000ynxCAA…>. If you would like to take immediate advantage of the features offered by CertCentral, including automation capabilities, please contact QVCC(a)digicert.com <mailto:QVCC@digicert.com>.
> Have questions or concerns? Please contact your account manager or customer support <https://app.updates.digicert.com/e/er?om_ext_cId=dc_email_7010z000000ynxCAA…>.
> Questions? Contact Support <https://app.updates.digicert.com/e/er?om_ext_cId=dc_email_7010z000000ynxCAA…>
> DigiCert, Inc.
> 2801 Thanksgiving Way, Suite 500, Lehi, Utah 84043
> Contact Us <https://app.updates.digicert.com/e/er?om_ext_cId=dc_email_7010z000000ynxCAA…>