Unplanned Outage: We are currently experiencing difficulties with the Cornell University
Last Updated:
2010-08-02 04:00:00
Event:
2010-07-27 04:00:00
Status:
Closed
Brief Description:
User Impact:
N/A
Workaround:
There is no workaround for this issue
Current Status:
N/A
Services Affected:
Full Description:
We are currently experiencing difficulties with the Cornell University SSL Certificate Service:\n\nhttp://identity.cit.cornell.edu/ssl/index.html\n\nThe problems appear to be related to a recent upgrade to the Geotrust public root certification authorities. Until they are resolved with the vendor the self-service site at the above URL will be unavailable. If you have any immediate concerns or if you have obtained a certificate after 7/22 which is returning browser errors please contact idmgmt@cornell.edu. \n
CIT TDX ID:
Timeline of Changes
| Description | Current Status | Date | Time |
|---|---|---|---|
| The immediate service problem resulting from a recent upgrade to the Geotrust public root certification authorities has been addressed. Campus customers will no longer receive an error message when submitting a request with a CSR using a key bit strength of 1024. We strongly recommend, however, that you use the stronger key bit length of 2048. \n\nThe other service problem we have seen is that certs generated since the Geotrust upgrade return an error in Firefox indicating an untrusted connection. We have tested other browsers and find that they do not generate such an error. To address the Firefox case you must install an intermediate CA certificate on the web server before installing the new cert. Additional information is available here:\n\nhttps://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1421&actp=search&viewlocale=en_US\n\nHow this is done varies depending on the web server ...\n\nhttps://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO15065&actp=search&viewlocale=en_US\n\nWe have confirmed that when the intermediate CA cert is installed, Firefox no longer shows the problem. \n | The immediate service problem resulting from a recent upgrade to the Geotrust public root certification authorities has been addressed. Campus customers will no longer receive an error message when submitting a request with a CSR using a key bit strength of 1024. We strongly recommend, however, that you use the stronger key bit length of 2048. \n\nThe other service problem we have seen is that certs generated since the Geotrust upgrade return an error in Firefox indicating an untrusted connection. We have tested other browsers and find that they do not generate such an error. To address the Firefox case you must install an intermediate CA certificate on the web server before installing the new cert. Additional information is available here:\n\nhttps://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1421&actp=search&viewlocale=en_US\n\nHow this is done varies depending on the web server ...\n\nhttps://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO15065&actp=search&viewlocale=en_US\n\nWe have confirmed that when the intermediate CA cert is installed, Firefox no longer shows the problem. \n | 2010-08-02 | 04:00:00 |
| Technicians are working with the vendor to resolve this issue. | Technicians are working with the vendor to resolve this issue. | 2010-07-27 | 04:00:00 |