Upcoming changes to S/MIME certificate profiles


On 16/08/2023 the following message was received from Sectigo regarding the upcoming changes to personal certificate profiles:

Avoid Disruptions: New S/MIME Standards - SCM changes Effective August 28th, 2023

Dear Customer

We want to bring your attention to an important upcoming change regarding the issuance of publicly trusted S/MIME certificates. This change, driven by the esteemed CA/Browser Forum (CABF), aims to elevate the security and reliability of email communication.

The CABF has recently drafted and approved new Baseline Requirements for the issuance of Publicly Trusted S/MIME certificates, which will take effect on September 1, 2023. These changes will ensure strong encryption algorithms, secure key lengths, and reliable certificate validation procedures.

Why is this important?

Sectigo will cease issuing and renewing old SMIME certificates with the old profiles on August 28, 2023, as a result of these changes. Any S/MIME certificates obtained before August 28, 2023, with the old profile will remain valid until they expire.

What do you need to do?

As a Sectigo Certificate Manager (SCM) customer, you have two options to ensure compliance with these standards:

Option A: Renew your certificates under the existing standards before August 28, 2023.

    By proactively renewing any expiring certificates before the cut-off date, you can seamlessly transition to new S/MIME certificates with ease.

Option B: Only an option after August 19, 2023.

  1. Validate / Revalidate your organization by following the instructions in SCM.

  2. Create new certificate profiles based on the two new certificate templates:

    • Public S/MIME Organization Validation Multipurpose:
      This template includes email and organization information in the certificate.

    • Public S/MIME Sponsored Validation Multipurpose:
      This template includes email, employee name, and organization information in the certificate.

  3. Replace the certificate profiles with the new ones in the enrollment endpoints.

  4. Issue the new SMIME certificates. See instructions here:
    https://www.sectigo.com/knowledge-base/detail/New-CA-Browser-Forum-Compliant-Public-S-MIME-Certificates-in-SCM/kA05c000000ku9d

To learn more about this upcoming change and the steps you need to take to remain compliant, check out our S/MIME FAQ Infographic:
https://4887240.fs1.hubspotusercontent-na1.net/hubfs/4887240/SMIME_FAQ_Infographic_v2.pdf

We understand that the adoption of new standards may require effort and coordination within your organization. If you encounter any challenges or require assistance during the transition, do not hesitate to reach out to your account manager.
https://www.sectigo.com/contact

We appreciate your attention to this matter, and thank you for being a valued customer.
https://www.sectigo.com/

In addition to the information sent by e-mail, we have found the following:

As always when there is a change of this kind, and to avoid problems, they strongly recommend that we ask you, as RAOs, to request that your users renew their client certificates before 28 August, in order to avoid delays with future validations.

After 28 August, and once the new profiles indicated by Sectigo ("Organization Validation" and "Sponsored Validation") are available to us, we will create the corresponding enrollment forms so that personal certificates can be requested following the new procedure, all of this after revalidation of the organization.