#ssl certificate

EV TLS/SSL Certificates Issue

Andrew Simpson
25 August 2020 at 3:26pm
#ssl certificate
Certificate Service
ev certificates
An issue regarding the use of the OCSP Signing EKU in issuing CAs is affecting hundreds of CAs in the industry including QuoVadis (see more at https://www.digicert.com/blog/working-with-delegated-ocsp-responders-and-eku-chaining/). We will communicate with each institution separately and provide a list of the affected certificates shortly with instruction on replacements that will be required. We will add the necessary credits to the account to issue replacements
Read more

Update - Underscore characters in dnsNames for SSL Certificates

Andrew Simpson
9 July 2020 at 11:20am
underscore
#ssl certificate
With regards to our update in September regarding the underscores in domain names for SSL certificates, The CAB Forum has now clarified their position:  “All certificates containing an underscore character in any dNSName entry and having a validity period of more than 30 days MUST be revoked prior to January 15, 2019. After April 30, 2019, underscore characters (“_”) MUST NOT be present in dNSName entries.” We will be adding the underscore character to the list of invalid characters very soon to stop these any future requests going through.
Read more

Underscore characters in dnsNames for SSL Certificates

Andrew Simpson
14 November 2018 at 4:26pm
#ssl certificate
underscore
The use of underscore characters in dnsNames is not allowed in Internet standards but has historically been treated as a gray area when used in the SAN field of TLS/SSL certificates.  Most CAs are disallowing this issuance following discussion in the CA/Browser Forum. We have  previously issued browser-trusted TLS/SSL certificates that include dnsNames with underscore characters in the SAN fields.
Read more
Subscribe to #ssl certificate