20140127 - Expiration of GlobalSign Root CA intermediate
GlobalSign Root CA intermediate certificate used for the issuance of Extended Validation (EV) certificates expires on January 28th, 2014.
If you do have a currently valid GlobalSign EV certificate, you'll have to realize a modification on your server to replace this intermediate certificate.
The certificate to be replaced is:
OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
(serial number 04:00:00:00:00:01:10:0b:8c:9e:8b)
You'll find it here: GlobalSign Root CA - R2 (exp 2014)
It has to be replaced by:
OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
(serail number 04:00:00:00:00:01:2f:4e:e1:49:52)
You'll find it here: GlobalSign Root CA - R2 (exp 2028)
Or here under:
-----BEGIN CERTIFICATE----- MIIETDCCAzSgAwIBAgILBAAAAAABL07hSVIwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0wNjEyMTUwODAw MDBaFw0yODAxMjgxMjAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBD QSAtIFIyMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps8kDr4ubyiZRULEqz4h VJsL03+EcPoSs8u/h1/Gf4bTsjBc1v2t8Xvc5fhglgmSEPXQU977e35ziKxSiHtK pspJpl6op4xaEbx6guu+jOmzrJYlB5dKmSoHL7Qed7+KD7UCfBuWuMW5Oiy81hK5 61l94tAGhl9eSWq1OV6INOy8eAwImIRsqM1LtKB9DHlN8LgtyyHK1WxbfeGgKYSh +dOUScskYpEgvN0L1dnM+eonCitzkcadG6zIy+jgoPQvkItN+7A2G/YZeoXgbfJh E4hcn+CTClGXilrOr6vV96oJqmC93Nlf33KpYBNeAAHJSvo/pOoHAyECjoLKA8Kb jwIDAQABo4IBIjCCAR4wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w HQYDVR0OBBYEFJviB1dnHB7AagbeWbSaLd/cGYYuMEcGA1UdIARAMD4wPAYEVR0g ADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBv c2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24u bmV0L3Jvb3QuY3JsMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYhaHR0cDov L29jc3AuZ2xvYmFsc2lnbi5jb20vcm9vdHIxMB8GA1UdIwQYMBaAFGB7ZhpFDZfK iVAvfQTNNKj//P1LMA0GCSqGSIb3DQEBBQUAA4IBAQCZIivuijLTDAd+3RsgK1Bq lpEG2r5u13KWrVM/fvWPQufQ62SlZfLz4z0/WzEMfHmEOpeMDx+uwbzy67ig70H9 vDGp/MlC5kS+HlbKdYuySTGZ/urpcWSGeo/l1WERQ+hAuzEM4tsYi5l0OGGrJICM +ag710nWZooYc8y8BjmLEDIODdOx9+9mExBZSMjPAcqZzJBymNs67cunu+JscI6m nmhj7Y+3LQWJztlU9k6rHkbbMEk/9mrgAfC8zYTUOfdVjgMVcdOdNO2dxtHIqsWE OTsN/SknUh6Dq0gjhVhQs5XGC7Mm4xYtqDDcA1BtXNEMzSqhR5rPIBvbQ4gfwvzg -----END CERTIFICATE-----
You may also be impacted by the expiration of the Globalsign Root CA. Consult Globalsign notice.
How to realize this operation?
Under Apache
If you are using Apache, modify the chain file:
- download the new chain file
- locate the chain file by checking its location in your Apache configuration file
- make a backup copy of this file
- replace the content of the file by the content of the file you downloaded (step 1) chain_globalsign_ev_2014.txt
- restart Apache
Under Microsoft IIS
If you are using Microsoft IIS, you'll have to change the GlobalSign Root CA - R2 certificate in the MMC:
- Launch the MMC as described in the section 1 here: Install intermediate certificates or root certificates manually
- place the new intermediate certificate on your desktop
- in the MMC, in the "Intermediate Certification Authorities" file, delete the "GlobalSign Root CA - R2" certificate
- in the MMC, in the "Intermediate Certification Authorities" file, import (right click, all tasks, import) the certificate you placed on your desktop (step 2)
- restart your IIS server
Our technical support is at your service to assist you and make sure the operation has been done correctly.