Mais
livechat

Subir

Symantes has changed issuing rules for its SSL certs

Symantes has changed issuing rules for its SSL certs

07-07-2012 14:04:00

Symantec has announced changes with issuing SSL certificates. They concern the certificates secure domain name (the standard) and Code Signing.

First point of changes is validity period of certificates. Except for Extended Validation (EV) SSL certificates and code signing certificates, all new SSL certificates issued AFTER the June 7th, 2012 release will have a maximum validity period of up to 4 years. EV SSL certificates will continue to have a maximum validity period of up to 2 years. With the April 1st 2015 deadline, all new SSL certificates, except for EV SSL certificates, will have a maximum validity period of 3 years. As before, EV SSL certificates will continue to have a maximum validity period of 2 years.

Subject Alternative Name (SAN) extension and Subject Common Name (CN) field changes:

  • CN is included in SAN fields at no additional charge,
  • starting in April 2012, Symantec will not issue a certificate with an expiration date later than November 1st, 2015 that has a SAN or CN field containing a Reserved IP Address or Internal Server Name,
  • Symantec will revoke any unexpired certificate that has a SAN or CN with a reserved IP or non-FQDN, effective October 1st 2016,
  • Symantec will mandate the inclusion of the following in OV and EV SSL certificates: "Locality Name", "State or Province Name", "Country Name",
  • the following two parameters are OPTIONAL: "Street Address", "Postal Code",
  • the Organization and Country fields are being removed from Domain validated certificates,
  • Symantec will be phasing this change in by brand over the coming weeks and have it completed by July 1st.


The third change is about root key. Starting January 1st, 2014, the industry is discontinuing the use of 1024-bit key length on SSL certificates and Code Signing products. This is in compliance with NIST Special Publication 800-131A. Beginning January 2012, 2048-bit keys will be enforced on all new multi-year Code Signing products and SSL certificates. All Code Signing products and SSL certificates will be required to have 2048-bit key lengths after December 31st, 2013. Please plan the adoption of 2048-bit key lengths in your Code Signing products and SSL certificates accordingly.
 

Mensagens recentes

Google AdWords requires an SSL certificate?
03-07-2017 11:56:53

If you run a online business, you are sure to use Google AdWords. Perhaps this is one of the main traffic sources on your site, so the last message you want to see is "Your account has been suspended ...". And yet, you can expect it if your site is not SSL-secured.

Google AdWords requires an SSL certificate?
Comodo and DomenySSL are deprecating SGC
06-07-2016 13:23:42

Starting 1st of August 2016, Comodo and DomenySSL will no longer offer SGC variants of certificates. As your account has a valid SGC certificate which will be up for renewal in the future, the company has prepared a list of recommended alternatives.

Comodo and DomenySSL are deprecating SGC
Thawte pampers clients
04-07-2016 12:22:58

Thawte is only one of the few vendors outside of the United States. As the main competitor of American vendors quickly gained a 40 % share of the market SSL certificates.
 

Thawte pampers clients
mais posts