More
Symantes has changed issuing rules for its SSL certs

Symantes has changed issuing rules for its SSL certs

07-07-2012 14:04:00

Symantec has announced changes with issuing SSL certificates. They concern the certificates secure domain name (the standard) and Code Signing.

First point of changes is validity period of certificates. Except for Extended Validation (EV) SSL certificates and code signing certificates, all new SSL certificates issued AFTER the June 7th, 2012 release will have a maximum validity period of up to 4 years. EV SSL certificates will continue to have a maximum validity period of up to 2 years. With the April 1st 2015 deadline, all new SSL certificates, except for EV SSL certificates, will have a maximum validity period of 3 years. As before, EV SSL certificates will continue to have a maximum validity period of 2 years.

Subject Alternative Name (SAN) extension and Subject Common Name (CN) field changes:

  • CN is included in SAN fields at no additional charge,
  • starting in April 2012, Symantec will not issue a certificate with an expiration date later than November 1st, 2015 that has a SAN or CN field containing a Reserved IP Address or Internal Server Name,
  • Symantec will revoke any unexpired certificate that has a SAN or CN with a reserved IP or non-FQDN, effective October 1st 2016,
  • Symantec will mandate the inclusion of the following in OV and EV SSL certificates: "Locality Name", "State or Province Name", "Country Name",
  • the following two parameters are OPTIONAL: "Street Address", "Postal Code",
  • the Organization and Country fields are being removed from Domain validated certificates,
  • Symantec will be phasing this change in by brand over the coming weeks and have it completed by July 1st.


The third change is about root key. Starting January 1st, 2014, the industry is discontinuing the use of 1024-bit key length on SSL certificates and Code Signing products. This is in compliance with NIST Special Publication 800-131A. Beginning January 2012, 2048-bit keys will be enforced on all new multi-year Code Signing products and SSL certificates. All Code Signing products and SSL certificates will be required to have 2048-bit key lengths after December 31st, 2013. Please plan the adoption of 2048-bit key lengths in your Code Signing products and SSL certificates accordingly.
 

Recent Posts

Comodo / Sectigo is changing its Root CAs
28-12-2018 11:23:52

Sectigo, formerly known as Comodo CA, is entering the next phase of its transition: it’s replacing Comodo CA roots with USERTrust roots on January 14, 2019. Why it happens and what it will mean to Sectigo customers?

Comodo / Sectigo is changing its Root CAs
Comodo is now Sectigo
09-11-2018 12:54:30

According to previous announcements, a year after the acquisition of Comodo Group by Francisco Partners, on November 1 Comodo CA announced that from now on it is changing its brand to Sectigo [pronounced. sec-tee-go]. The goal of rebranding is consistency in company communication and better dedication to what Comodo is doing now.

Comodo is now Sectigo
European Cyber Security Month 2018
27-09-2018 10:46:21

The European Union Agency for Network and Information Security (ENISA), which is the center of knowledge about cyber security in Europe, organizes as every year in October the European Cyber Security Month. The campaign is starting in a few days. What is its purpose and how can you participate in it?

European Cyber Security Month 2018
more posts