System Notification for: Entrust SSP CA and Entrust NFI CA (issuing CAs) - URI change

[lachellel]

Initial notification. System notification will be posted to the site on Monday, November 30.

Todo:

• [ ] Check on the OCSP (AIA) and LDAP URIs (CDP) for the update.
• [ ] Send out notification for firewall updates as needed.

notice_date: November 25, 2020 change_type: URI Change, System Outage start_datetime: end_datetime: system: Entrust Shared Service Provider CA change_description: Certificate revocation list(s) were unavailable for PIV certificates that contain a CDP http URI pointing to an xpki.com domain. The revocation lists were unavailable for at least five (5) days. The primary authoritative source for the revocation lists served from entrust.com domains were available. Entrust managed services has updated configurations to include only the entrust.com URIs in the CDPs for all end entity certificates issued or renewed from 11/25/2020 forward. contact: fpki at gsa.gov ca_certificate_hash: ca_certificate_issuer: ca_certificate_subject: cdp_uri: aia_uri: sia_uri: ocsp_uri:

[ryancdickson]

Update (11/30/20):

• HTTP CRLDP URI now available (i.e., http://crl01.xpki.com/CRLs/EMSSSPCA3.crl)
• LDAP CRLDP URI NOT available (i.e., (ldap://ldap01.xpki.com/cn=WinCombined3,ou=Entrust%20Managed%20Services%20SSP%20CA,ou=Certification%20Authorities,o=Entrust,c=US?certificateRevocationList;binary)
  • DN: cn=WinCombined1,ou=Entrust Managed Services SSP CA,ou=Certification Authorities,o=Entrust,c=US exists, but I'm unable to find cn=WinCombined3.
• All other URIs are available.

[ryancdickson]

All HTTP / LDAP URIs are available. Notification added to live site last week. Closing issue.