Status

DFN informs - GÉANT TCS: Interruption in the issuance of client certificates to be expected as of 28.08.2023

Warning Support
2023-08-28 10:18 CEST · 2 months, 1 week, 4 days, 7 hours, 35 minutes

Updates

Resolved

The incident has been resolved and certificates can be issued again.

November 7, 2023 · 16:47 CET
Investigating

Issuance for client certificates (also known as user certificates or e-mail certificates) possible/restored again:
[JA] Max Planck Society (MPG) - since 06.09.2023
[JA] Sociological Research Institute Göttingen (SOFI) e. V. - since 08.09.2023
[YES] German Primate Center (DPZ) - since 28/09/2023
[YES] University of Göttingen - since 11/10/2023
[YES] GWDG - since 19/10/2023
[YES] Network Headquarters of the GBV (VZG) - since 03/11/2023

November 6, 2023 · 14:06 CET
Update

The current state of GÉANT TCS PKI, as of 10/26/2023:

Client certificate issuance is now available for 433 of 521

institutions is possible again. Sectigo has thus since 12.10. 46

additional facilities since October 12.

Please do not provide certificates with first name/last name in any case.

“test” or “model person” or similar! Sectigo provides us the service to

service under the condition that the names in the certificates are

are correctly validated by us. With the new rules for

S/MIME certificates, Sectigo must actually enforce this.

October 26, 2023 · 14:57 CEST
Investigating

Issuance for client certificates (also commonly known as user certificates or e-mail certificates) possible/restored again:
[JA] Max Planck Society (MPG) - since 09/06/2023.
[JA] Sociological Research Institute Göttingen (SOFI) e. V. - since 09/08/2023
[JA] German Primate Center (DPZ) - since 09/28/2023
[JA University of Göttingen - since 11.10.2023
[YES] GWDG - since 19.10.2023
[NO] GBV Network Headquarters (VZG)

October 20, 2023 · 16:53 CEST
Investigating

Ausstellung für Client-Zertifikate (auch geläufig als Nutzerzertifikate bzw. E-Mail-Zertifikate) wieder möglich/restauriert:
[JA] Max-Planck-Gesellschaft (MPG) – seit 06.09.2023
[JA] Soziologisches Forschungsinstitut Göttingen (SOFI) e. V. – seit 08.09.2023
[JA] Deutsche Primatenzentrum (DPZ) – seit 28.09.2023
[JA Universität Göttingen – seit dem 11.10.2023
[NEIN] Verbundzentrale des GBV (VZG)
[NEIN] GWDG

October 17, 2023 · 07:24 CEST
Investigating

Der aktuelle Zustand von GÉANT TCS PKI, Stand 12.10.2023:

Die Ausstellung von Client-Zertifikaten ist nun für 387 von 521

Einrichtungen wieder möglich. Sectigo hat damit seit letzter Woche 52

weitere Einrichtungen “abgearbeitet”.

Bitte stellen Sie auf keine Fall Zertifikate mit Vorname/Nachname

“Test” oder “Mustermensch” o.ä. aus! Sectigo stellt den Dienst zur

Verfügung unter der Voraussetzung, dass die Namen in den Zertifikaten

korrekt validiert werden. Mit den neuen Regeln für

S/MIME-Zertifikate muss Sectigo dies auch tatsächlich durchsetzen.

October 17, 2023 · 07:20 CEST
Monitoring

The current state of GÉANT TCS PKI, as of 05.10.2023:

The issuance of client certificates is now possible again for 335 of 521 facilities. Sectigo has thus “processed” 105 more facilities since last week. We hope that Sectigo will continue to work at this pace.

For some facilities, whose legal basis is a bit more exceptional, there is unfortunately a delay in this chaotic situation.

October 6, 2023 · 14:11 CEST
Monitoring

Issuance for client certificates (also commonly known as user certificates or e-mail certificates) possible/restored again:
[YES] Max Planck Society (MPG) - since 09/06/2023
[YES] Sociological Research Institute Göttingen (SOFI) e. V. - since 09/08/2023
[YES] German Primate Center (DPZ) - since 09/28/2023
[NO] University of Göttingen - since October 3, 2023 defective again
[NO] GBV Network Headquarters (VZG)
[NO] GWDG

October 6, 2023 · 11:33 CEST
Monitoring

Der aktuelle Zustand von GÉANT TCS PKI, Stand 28.09.2023:

Die Ausstellung von Client-Zertifikaten ist nun für 230 von 521 Einrichtungen wieder möglich, da diese Einrichtungen von Sectigo revalidiert wurden.

Seit letzter Woche ist eine gewisse Beschleunigung des Prozesses zu beobachten. Wir agieren gegenüber Sectigo nach wie vor mit dem gebotenen Nachdruck, um alle Einrichtungen so schnell wie möglich wieder in die Lage zu versetzen, Client-Zertifikate auszustellen.

September 29, 2023 · 10:07 CEST
Monitoring

Issuance for client certificates (also commonly known as user certificates or e-mail certificates) possible/restored again:
[JA] Max-Planck-Gesellschaft (MPG) – seit 06.09.2023
[JA] Soziologisches Forschungsinstitut Göttingen (SOFI) e. V. – seit 08.09.2023
[JA] Universität Göttingen – seit 22.09.2023
[JA] Deutsche Primatenzentrum (DPZ) – seit 28.09.2023
[NEIN] Verbundzentrale des GBV (VZG)
[NEIN] GWDG

September 28, 2023 · 14:13 CEST
Monitoring

Issuance for client certificates (also commonly known as user certificates or e-mail certificates) possible/restored again:
[JA] Max-Planck-Gesellschaft (MPG) – seit 06.09.2023
[JA] Soziologisches Forschungsinstitut Göttingen (SOFI) e. V. – seit 08.09.2023
[JA] Universität Göttingen – seit 22.09.2023
[NEIN] Deutsche Primatenzentrum (DPZ)
[NEIN] Verbundzentrale des GBV (VZG)
[NEIN] GWDG

September 22, 2023 · 15:30 CEST
Monitoring

[dfnpki-d] The current state of GÉANT TCS PKI 20.09.2023: (published by DFN)

The issuance of client certificates is possible again for 127 of 521

institutions, as these institutions have been revalidated by Sectigo.

have been revalidated.

The progress is absolutely unsatisfactory. The issue is of course

already being worked on with the GÉANT Executive Team and discussed in the

DFN association committees.

September 20, 2023 · 15:16 CEST
Monitoring

Issuance for client certificates (also commonly known as user certificates or e-mail certificates) possible/restored again:
[JA] Max Planck Society (MPG) - since 09/06/2023
[JA] Soziologisches Forschungsinstitut Göttingen (SOFI) e. V. - since 08.09.2023
[NO] University of Göttingen
[NO] German Primate Center (DPZ)
[NO] GBV (VZG)
[NO] GWDG

September 13, 2023 · 11:55 CEST
Issue

We currently anticipate that there may be an interruption in certificate issuance for client certificates of difficult to predict duration in GÉANT TCS from 28/08/2023.
No problems are expected for server certificates.

Background: With the update to SCM 23.8, Sectigo has now created the prerequisites to be able to continue issuing certificates for e-mail use after the S/MIME BRs come into force.
Currently we see two problems:

  1. According to Sectigo, the validation of an “Organization Identifier” is required for each organization in order to continue issuing client certificates from 28.08.2023.
    The part of the process that is visible to us is such that we believe it is illusory that the Sectigo validation team could validate all Organization Identifiers by that date.
  2. As a technical side issue, idp/clientgeant is not yet adjusted. We do not know if the adjustments will be ready by the deadline.

This information is available (in German) at https://blog.pki.dfn.de/2023/08/geant-tcs-unterbrechung-bei-der-ausstellung-von-client-zertifikaten-ab-28-08-2023-zu-erwarten/

August 28, 2023 · 10:18 CEST

← Back