Status

DFN informs - GÉANT TCS: Interruption in the issuance of client certificates to be expected as of 28.08.2023

Warning Support
2023-08-28 10:18 CEST · 3 weeks, 4 days, 15 hours, 35 minutes

Updates

Investigating

Issuance for client certificates (also commonly known as user certificates or e-mail certificates) possible/restored again:
[JA] Max-Planck-Gesellschaft (MPG) – seit 06.09.2023
[JA] Soziologisches Forschungsinstitut Göttingen (SOFI) e. V. – seit 08.09.2023
[JA] Universität Göttingen – seit 22.09.2023
[NEIN] Deutsche Primatenzentrum (DPZ)
[NEIN] Verbundzentrale des GBV (VZG)
[NEIN] GWDG

September 22, 2023 · 15:30 CEST
Update

[dfnpki-d] The current state of GÉANT TCS PKI 20.09.2023: (published by DFN)

The issuance of client certificates is possible again for 127 of 521

institutions, as these institutions have been revalidated by Sectigo.

have been revalidated.

The progress is absolutely unsatisfactory. The issue is of course

already being worked on with the GÉANT Executive Team and discussed in the

DFN association committees.

September 20, 2023 · 15:16 CEST
Issue

Issuance for client certificates (also commonly known as user certificates or e-mail certificates) possible/restored again:
[JA] Max Planck Society (MPG) - since 09/06/2023
[JA] Soziologisches Forschungsinstitut Göttingen (SOFI) e. V. - since 08.09.2023
[NO] University of Göttingen
[NO] German Primate Center (DPZ)
[NO] GBV (VZG)
[NO] GWDG

September 13, 2023 · 11:55 CEST
Issue

We currently anticipate that there may be an interruption in certificate issuance for client certificates of difficult to predict duration in GÉANT TCS from 28/08/2023.
No problems are expected for server certificates.

Background: With the update to SCM 23.8, Sectigo has now created the prerequisites to be able to continue issuing certificates for e-mail use after the S/MIME BRs come into force.
Currently we see two problems:

  1. According to Sectigo, the validation of an “Organization Identifier” is required for each organization in order to continue issuing client certificates from 28.08.2023.
    The part of the process that is visible to us is such that we believe it is illusory that the Sectigo validation team could validate all Organization Identifiers by that date.
  2. As a technical side issue, idp/clientgeant is not yet adjusted. We do not know if the adjustments will be ready by the deadline.

This information is available (in German) at https://blog.pki.dfn.de/2023/08/geant-tcs-unterbrechung-bei-der-ausstellung-von-client-zertifikaten-ab-28-08-2023-zu-erwarten/

August 28, 2023 · 10:18 CEST

← Back