Security

Reply
Moderator

Changes to Certificate Authority Guidelines for SSL Cert issuance

Team ClearPass,

 

As most of you will hopefully know come November the 1st 2015 there is a change in the way the CA's will/will-not issue Public Certificates. I've capture these changes and updated the Certificate 101 TechNote. You can find the guidance and details about that change in a 2-page section I've added.

 

All publicly trusted SSL Certificates issued to internal names and reserved IP addresses will expire before November 1, 2015.

In November 2011, the CA/Browser Forum (CA/B) adopted Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates that took effect on July 1, 2012.

 

These requirements state:

CAs should notify applicants prior to issuance that use of certificates with a Subject Alternative Name (SAN) extension or a Subject Common Name field containing a reserved IP address or internal server name has been deprecated by the CA/B.


CAs should not issue a certificate with an expiration date later than November 1, 2015 with a SAN or Subject Common Name field containing a reserved IP address or internal server Name.

 

 

The technote is available in the usual location on the support site here:- CPPM - Certificates 101 TechNote V1.2.pdf


Best Regards
-d

ClearPass Product Manager

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite

Re: Changes to Certificate Authority Guidelines for SSL Cert issuance

Now we just need some native LetsEncrypt certificate enrollment in CPPM and the controllers!

 

Feature Request

Vote here: https://arubanetworkskb.secure.force.com/prm/ideas/viewIdea.apexp?id=08733000000HBBh

 

https://letsencrypt.org/howitworks/


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: