From time to time, IdenTrust will provide information that may interest you or have an impact on the certificate program you use. Check back often for interesting updates.
Final Decommission of GSA Access Certificates for Electronic Services (ACES) Program
For over twenty years, IdenTrust acted as a primary provider of GSA ACES certificates that have been used to provide secure access to multiple online government agency applications.
As of July 31, 2020, based on a GSA mandate to decommission the ACES program, IdenTrust will terminate the issuance and support of all ACES certificates. The GSA has approved IdenTrust-issued IGC Federal Bridge Certified certificates and DoD ECA certificates to replace ACES certificates.
TLS/SSL: One Year Maximum Validity Period
Starting on September 1, 2020, TLS/SSL certificates cannot be issued for a validity period greater than 398 days (13 months). This change was first announced by Apple, and we anticipate that other major browser providers will follow suit. In order to comply with browser guidelines, effective August 14, 2020, IdenTrust will no longer accept applications for TLS/SSL certificates with a two-year validity period. Learn more about IdenTrust TLS Certificates: One Year Maximum Validity.
TLS/SSL Security Update
Following up on our 2017 Enhanced Security Notification, and in line with security-driven trends across the ecosystem, effective June 14, 2020, IdenTrust will only accept communications to its systems via TLS 1.2 or higher protocols, such as the recently approved TLS 1.3 standard.
Please let us know via Support@IdenTrust.com if you have any concerns about the supported TLS/SSL communications protocols.
Browser TLS/SSL Notifications:
TLS/SSL Certificates for U.S. Government Trust
The Federal PKI Policy Authority (FPKIPA) has communicated a change that affects the way that browsers handle TLS/SSL certificates. The FPKIPA has requested that the Federal Common Root be removed from all browsers. This means that government-trusted certificates issued under a Federal Common Root chain, such as those issued under the DoD ECA programs, are no longer automatically trusted in standard browsers (public-trust).
Learn more about the FPKIPA announcement and recommendations regarding this change.
Learn more about the difference between government-trusted and public-trusted TLS/SSL certificates.