Download as PDF
Article
On Jan 14th, at 19:34:34 2021 GMT, Digicert revoked a version of the “QuoVadis Global SSL ICA G2” and “QuoVadis Global SSL ICA G3” intermediate certificates used to issue our OV certificates, without advance notification to Jisc. Many other users globally have been affected by this.
Article
15/01/2020:
Hello
It has been brought to our attention that many certificates issued via the old version of the Jisc Certificate Service (provided by Digicert/QuoVadis) are, as of last night, showing browser errors due to revocation of the issuing intermediate certificate. This is due to Digicert revoking an old version of the intermediate (not the certificates themselves).
Article
An issue regarding the use of the OCSP Signing EKU in issuing CAs is affecting hundreds of CAs in the industry including QuoVadis (see more at https://www.digicert.com/blog/working-with-delegated-ocsp-responders-and-eku-chaining/).
We will communicate with each institution separately and provide a list of the affected certificates shortly with instruction on replacements that will be required. We will add the necessary credits to the account to issue replacements
Article
Please see further update from QuoVadis on the OU field Issue:
Retiring the OU field for public TLS/SSL
QuoVadis will turn off the Organizational Unit (OU) field for all new public TLS/SSL certificates starting on August 31, 2020 at 00:59. This will affect new, reissued, and renewed certificates. Existing certificates with OUs are not affected (and do not require revocation or replacement).
Article
Our certificate authority, QuoVadis, will start to restrict what can and cannot be entered in the 'OU' field (Organization Unit) for certificate requests. The 'OU' field, if required, is designed for divisions and departments within the organisation it is not mandatory and can be left blank.
Article
You may have read recently articles regarding Apple reducing the maximum allowed lifetime of TLS server certificates, Apple has released its official Knowledge Base article on this subject which can be found here.
Article
With regards to our update in September regarding the underscores in domain names for SSL certificates, The CAB Forum has now clarified their position:
“All certificates containing an underscore character in any dNSName entry and having a validity period of more than 30 days MUST be revoked prior to January 15, 2019.
After April 30, 2019, underscore characters (“_”) MUST NOT be present in dNSName entries.”
We will be adding the underscore character to the list of invalid characters very soon to stop these any future requests going through.
Article
As a user of the certificate service, I wanted to let you know that our supplier is increasing the tariff prices on this service in addition to increasing administration costs. This means that as of 1 October 2019, the cost of credits will change as per the table below.
Any credits bought between now and 1st of October will be charged at the current price and remain valid for two years.
|
Mixed SSL Credits: |
Article
Jisc’s Certificate Service is due for re-procurement in 2021 and as part of this process we want to get your views.
We are inviting those who use the service to take part in a workshop on Tuesday 24th September at Jisc’s offices in London. During the day we will be asking for your feedback on the existing service and provide you with the opportunity to discuss any additional functionality that would enhance the service.
The workshop will start at 10:30 and finish at 15:00 – lunch will be provided.
Article
The use of underscore characters in dnsNames is not allowed in Internet standards but has historically been treated as a gray area when used in the SAN field of TLS/SSL certificates. Most CAs are disallowing this issuance following discussion in the CA/Browser Forum.
We have previously issued browser-trusted TLS/SSL certificates that include dnsNames with underscore characters in the SAN fields.
Prev | Next