My school uses IPSCA SSL Certificates because they are free for higher ed institutions. They have worked fairly well over the past several years. However, a brief check made us realize that their root certificate will expire on December 29th invalidating all of our campus's certificates.
At the time of the discovery, they did not have a new certificate installed on any browsers. In fact at the time of this posting, only Internet Explorer has their new root certificate. What this means, is that viewers of your website after December 29th will receive an invalid certificate warning, unless they have the most recent December Microsoft updates, and are running on Internet Explorer. Anyone who visits a secure site that uses IPSCA certificates after December 29th on another browser, will get an invalid security certificate error message.
As a result, we have moved to GoDaddy. They offer fairly decent prices, and as an added bonus allow us to track certificates automatically.
IPSCA did not even send out a notification to its users until December 22nd!! (7 days before all of their certs expire).
So if you, or your organization uses IPSCA certificates, at this time, I highly recommend that you move to a different organization. Otherwise, come that day... you're going to have a lot of interrupted services on your machines, because even though the SSL may be valid, the root that it points to will be invalid.
If you wish to stick with IPSCA, you can now renew with a new certificate, and if you pay they are offering you 2 to 3 months (depending on which email you get from them) of extended service on your certificate. But you will need to renew it, and install a new chain certificate for it to continue working. However, note, that as of December 23rd... only IE users who have installed the most recent patch will see your certificate as valid.
Happy Festivus,
Paul
Subscribe to:
Post Comments (Atom)
Posts
0 comments:
Post a Comment