Changes to ITS Enterprise SSL Certificate Service
GeoTrust, the Software Store’s supplier for Enterprise SSL certificates, has sent the following alert:
The following changes address industry standards recently adopted by the Certification Authority/Browser (CAB) Forum, and will go into effect in mid-April:
1. Subject Common Name (CN) in Subject Alternative Name (SAN) field entries: During enrollment, the GeoTrust system detects if the CN is already part of the SAN field. For no additional cost, we will automatically add the CN in a SAN field if it is not already included.
2. Certificate Life Span: We will issue only certificates with 1, 2, 3 and 4-year validity periods. We will no longer issue 5 or 6-year certificates. Effective June 14, 2015, we will no longer issue 4-year certificates.
3. Private Internet Protocol (IP) addresses and Internal Server Names: Certificates with validity end dates on or after November 1, 2015 cannot contain any private IP addresses or Internal Server Names.
4. Minimum RSA key bit length: Beginning in January 2012, 2048-bit RSA keys will be required and enforced for all new multi-year SSL certificates. After December 31, 2013, the industry is discontinuing the use of 1024-bit RSA key lengths on SSL certificates, per NIST Special Publication 800-131A; all SSL certificates will be required to have 2048-bit RSA key lengths Please plan to adopt and support 2048-bit RSA key lengths in your SSL certificates to meet these requirements.
As a result of the change noted in 2 above, the Software Store has stopped selling five year GeoTrust Enterprise SSL certificates as of today.