On Fri, Jan 23, 2015 at 12:27:52 +0100, Olav Morken wrote:
On Thu, Jan 22, 2015 at 13:32:47 +0100, Olav Morken wrote:
On Fri, Jan 16, 2015 at 15:14:33 +0100, Olav Morken wrote:
Hi,
the Feide IdP certificate expire Friday 20 February, so we have ordered and received new certificates. The new certificates will be installed Thursdag 22 January at 14:00.
The largest change with the new certificates is that they are signed using SHA-2 signatures. This should be supported by all major browsers, so we do not expect any problems with that change.
Hi,
due to a scheduling error we have to postpone this certificate change. We will get back with a new date and time for the certificate change later.
Hi,
this certificate change has been rescheduled for Thursday 29 January at 14:00.
Hi,
our backup system was already upgraded to the new SSL certificates, so when we switched to the backup system we got at test of the certificates.
We got two reports from people where the browsers gave a certificate error using the new certificate. It looks like the computers for the ones affected had an extra intermediate certificate installed which matched the root certificate of our new certificates (AddTrust External CA Root). This caused the browsers to attempt to build a certificate chain using the intermediate certificate and then display a certificate error.
Until we have determined how widespread this problem is, we are postponing the certificate change.
Best regards, Olav Morken UNINETT / Feide