Basically,
this has no direct
effect on
the validity
of
already
issued
user or
server
certificates as
there are two
different
certificates
with the same name
and an identical key
.
User and
server
certificates neither have to be
re-applied
nor
exchanged
,
they are still valid!
Important: Still need for action
In some cases there actually is need for action. Since the exchangend DFN-PCA certificate will be blocked within the next few weeks, a link in the chain of trust of the user and server certificates "Deutsche Telekom Root CA 2" will become invalid. The exact date of the blocking is unknown.
Who is affected?
Affected are those subscribers of the RWTH-CA, who got issued a new user or server certificate by mid-May 2014 and who imported the certification chain from the application pages into the software by themselves.
That means: Those certification holders, who installed the certificate "CN=DFN-Verein PCA Global - G01" (valid from 12.05. - 5.08.2014) have to replace it now. The easiest way to do so is the re-import of the CA certificates, just as the subscriber did by applying it.
What to do?
Please visit the same DFN website as you did when applying the certificate. Click on the link "CA certificates" and then click "
DFN
-
PCA
certificate
SHA
-
1
"
. Open the certficate and click on "Install certificate". Confirm the both following windows with "next" before the message "The import was successful" appears.
The DFN association regrets any incovenience.