All of the Moonshot documentation has been moved to the new Moonshot wiki at http://wiki.moonshot.ja.net/ Tags:  Moonshot Groups audience:  Moonshot ..read more

On Jan 14th, at 19:34:34 2021 GMT, Digicert revoked a version of the “QuoVadis Global SSL ICA G2” and “QuoVadis Global SSL ICA G3” intermediate certificates used to issue our OV certificates, without advance notification to Jisc. Many other users globally have been affected by this.                                                                                      ..read more

Introduction With the introduction of iOS 14 and Android 11, MAC address randomisation will become more prevalent and will have some implications for our eduroam(UK) members.  History Starting with iOS 8 and Android 8 mobile device operating system vendors started using randomised MAC addresses while scanning for wireless networks. These pre-association MAC addresses were random at every sweep. This was a step towards ensuring user devices could scan for wireless networks without being tracked. In an enhancement to what the vendors billed as a privacy feature, Android 10 and iOS 14 introd ..read more

Applicable to: Android 11 QPR1 and beyond. Introduction As part of ensuring the Android operating system complies with WPA3 standards (see https://www.wi-fi.org/discover-wi-fi/security, Section 5), Android will be removing the CA certificate "Do not validate" option in the Wi-Fi EAP settings as of Android 11 QPR1 that is due to be released in December 2020.  Cause Certificate validation as part of the EAP protocol in RADIUS is a fundamental security step. It ensures that the certificate presented by the server claiming to be the user's home server is signed by a CA certificate present on ..read more

The next generation of our Certificate Service is now live and ready to be used. The new service has a new subscription model based on a small number of usage classes - giving a small number of certificates for free on one end of the scale and culminating in an of an offering unlimited number of certificates for a fixed price. The pricing has been set to ensure the average organisation within each usage class pays less than they currently do overall. The new service also has many added benefits as compared to the existing service, including: Direct access to the SECTIGO certificate manager p ..read more

I wanted to let you know that we have a new certificate service launching in early 2021, and to invite you to join a pilot group which will start to use the new service in September 2020.   You may already be aware that the current contract for the certificate service, supplied by QuoVadis, is due to end in August 2021. We’ve been looking for a new partner to continue and enhance this popular service and we’re pleased to announce that Geant’s trusted certificate service has been selected as it provides excellent value for money, together with the following benefits:    Di ..read more

An issue regarding the use of the OCSP Signing EKU in issuing CAs is affecting hundreds of CAs in the industry including QuoVadis (see more at https://www.digicert.com/blog/working-with-delegated-ocsp-responders-and-eku-chaining/). We will communicate with each institution separately and provide a list of the affected certificates shortly with instruction on replacements that will be required. We will add the necessary credits to the account to issue replacements Affected CAs and replacement: QuoVadis EV SSL ICA G3 – must be replaced before December 30, 2020 Replacement CA: http://trust.quova ..read more

Please see further update from QuoVadis on the OU field Issue: Retiring the OU field for public TLS/SSL  QuoVadis will turn off the Organizational Unit (OU) field for all new public TLS/SSL certificates starting on August 31, 2020 at 00:59. This will affect new, reissued, and renewed certificates. Existing certificates with OUs are not affected (and do not require revocation or replacement).  The OU field is an optional field used to enter metadata in a certificate. Typically, customers use this field to indicate a department, service, or location such as “Dev Ops Team” or “Fortinet ..read more

Our certificate authority, QuoVadis, will start to restrict what can and cannot be entered in the 'OU' field (Organization Unit) for certificate requests. The 'OU' field, if required, is designed for divisions and departments within the organisation it is not mandatory and can be left blank. We have a number of certificates historically issued where the Organization Unit field has random entries such as copying the Organisation name, random numbers, addresses and domain names listed in them. These type of entries will no longer be accepted and if entered into the request will cause delays in ..read more

You may have read recently articles regarding Apple reducing the maximum allowed lifetime of TLS server certificates, Apple has released its official Knowledge Base article on this subject which can be found here. What does this mean for users? For your websites to be trusted by Safari, you will no longer be able to use publicly trusted TLS certificates with validity periods longer than 398 days after 30th August 2020. Any certificates issued before 1st September 2020 will still be valid, regardless of the validity period up to 825 days. What are Jisc doing? From the 1st of Septembe ..read more