Several of our customers are impacted by the revoke of EV certificates from the TERENA SSL High Assurance CA 3 by Saturday, July 11 at 8 PM. https://crt.sh/?id=5797998
This concern all currently valid EV certificates issued under the DigiCert contract. Belnet and all national European research networks using Digicert certificates through the Géant contract are affected.
More information about the problem can be found here: https://bugzilla.mozilla.org/show_bug.cgi?id=1650910
https://sectigo.com/resource-library/security-flaw-to-force-revocation-of-intermediate-certificates-from-major-cas-sectigo-unaffected
Important information for our affected customers:
- The list you received by email should already include certain certificates that have expired and/or have already been replaced.
- Digicert cannot extend the withdrawal period as they are obliged to withdraw these certificates immediately.
- The problem only concerns EV certificates. If you have any doubts about your type of certificate, please contact servicedesk@belnet.be
- You must renew your certificates yourself. Belnet can offer you help and provide information, but unfortunately can't renew the certificates in your place.
- You must renew the certificates with the new supplier Sectigo, who is aware of the situation and will use additional resources to help everyone obtain their certificates on time.
- We bring your attention to the fact that EV certificates remain the safest, but that their validation takes longer due to a strict review of requests by Sectigo
- More technical information is available on our FAQ #Can I request an EV (Extended Validation) certificate?).
- Digicert's email regarding the revoked certificates may have been sent to someone who has left your organization or is currently on vacation. Therefore, check carefully who within your organization has been appointed as a contact person and reports about expired certificates.