More
livechat

Loading

Symantes has changed issuing rules for its SSL certs

Symantes has changed issuing rules for its SSL certs

07-07-2012 14:04:00

Symantec has announced changes with issuing SSL certificates. They concern the certificates secure domain name (the standard) and Code Signing.

First point of changes is validity period of certificates. Except for Extended Validation (EV) SSL certificates and code signing certificates, all new SSL certificates issued AFTER the June 7th, 2012 release will have a maximum validity period of up to 4 years. EV SSL certificates will continue to have a maximum validity period of up to 2 years. With the April 1st 2015 deadline, all new SSL certificates, except for EV SSL certificates, will have a maximum validity period of 3 years. As before, EV SSL certificates will continue to have a maximum validity period of 2 years.

Subject Alternative Name (SAN) extension and Subject Common Name (CN) field changes:

  • CN is included in SAN fields at no additional charge,
  • starting in April 2012, Symantec will not issue a certificate with an expiration date later than November 1st, 2015 that has a SAN or CN field containing a Reserved IP Address or Internal Server Name,
  • Symantec will revoke any unexpired certificate that has a SAN or CN with a reserved IP or non-FQDN, effective October 1st 2016,
  • Symantec will mandate the inclusion of the following in OV and EV SSL certificates: "Locality Name", "State or Province Name", "Country Name",
  • the following two parameters are OPTIONAL: "Street Address", "Postal Code",
  • the Organization and Country fields are being removed from Domain validated certificates,
  • Symantec will be phasing this change in by brand over the coming weeks and have it completed by July 1st.


The third change is about root key. Starting January 1st, 2014, the industry is discontinuing the use of 1024-bit key length on SSL certificates and Code Signing products. This is in compliance with NIST Special Publication 800-131A. Beginning January 2012, 2048-bit keys will be enforced on all new multi-year Code Signing products and SSL certificates. All Code Signing products and SSL certificates will be required to have 2048-bit key lengths after December 31st, 2013. Please plan the adoption of 2048-bit key lengths in your Code Signing products and SSL certificates accordingly.
 

Recent Posts

GDPR and SSL certificate. Is encryption necessary for compliance with the GDPR?
18-05-2018 15:47:40

General Data Protection Regulation (GDPR) is a 99-article regulation meant to protect the private data of Europeans in IT systems. Announced in 2016, covers a broad variety of topics and will go into effect as a requirement on May 25, 2018. GDPR applies to any company doing business in Europe even if it is located elsewhere.

GDPR and SSL certificate. Is encryption necessary for compliance with the GDPR?
Deadlines for replacing Symantec Group certificates
08-12-2017 14:11:50

In November this year we wrote about the need to replace SSL certificates issued by Symantec Group. Find out the dates when you need to re-issue your certificates.

Deadlines for replacing Symantec Group certificates
CA Comodo sold to Francisco Partners
07-12-2017 11:21:38

The majority of Comodo Certification Authority (CA) shares were sold to Francisco Partners for an undisclosed amount.

CA Comodo sold to Francisco Partners
more posts