Not sure if makes sense to continue this here or if I should have started a new thread, but I've got a few questions relating to what's in the announcement : In the immediate future (earliest possible: today; latest possible: December 16th) we will begin issuance from our new R3 intermediate . Thi…

if we left cross sign cert alone and create a new 90-day certificate in August, than in DST-cert's view it's a leaf certificate that with lifetime extends after CA's expire date. I'm not sure if that's allowed? I look though CA/B BR but cannot find rule that forbid this, but it still makes me worry. …

I noticed the other day that the cross-signed ISRG Root X2 is listed as an Intermediate certificate (for obvious reasons): [Screenshot_20201201-194111_Samsung Internet] Additionally, the self-signed ISRG Root X2 just dropped out of space (no logged at date): [Screenshot_20201201-194225_Samsung …

[image] orangepizza: I'm not sure if that's allowed There's an event on the API Calendar to prevent this from happening.

Well, even once the ACME server stops serving the DST Root X3 chain to clients, one could still configure one's web server to serve the R3-signed-by-DST intermediate to users. I think that browsers will just not accept such a chain after the R3-signed-by-DST expiration, so I don't think there's actu…

Hm, did I miss the announcement?

Yep... R3 is a go! [image] Beginning Issuance from R3 API Announcements I…

Remember that all conversations about the expiration of DST Root CA X3 (and therefore the expiration of our X3 and R3 cross-signed intermediates) are really conversations about the upcoming Chain Switch, not conversations about the switch from X3 to R3. If we had not done this changeover today, all …

The specifics of the confusion (from which this very topic came) can be found here: [image] Issuance on R3 vs. X3: is this configurable? Issuance Tech I…

Ah, Discourse didn't give any hint of new posts in that topic. I guess the API announcement section is regarded as a regular section and I should have manually selected notifications on new posts... Also, I'm wondering how many clients are out there with a hardcoded intermediate now setting a broke…

[image] Osiris: Also, I'm wondering how many clients are out there with a hardcoded intermediate now setting a broken chain. No new threads up till now about that.. We're wondering the same thing! That's one reason for the announcement thread: so that someone whose site seems to be broken by …

Questions re: Beginning Issuance from R3

Issuance Tech

griffin December 2, 2020, 3:14am 14

Yep... R3 is a go!

Topic		Replies	Views
Issuance on R3 vs. X3: is this configurable? Issuance Tech	27	8966	December 24, 2020
R3 Intermediate certificate has expired Help	133	36884	November 1, 2021
Issue from multiple intermediates during a scheduled transition period? Issuance Policy	29	2416	February 11, 2021
Force X4 root in chain before it becomes default Help	28	3956	November 6, 2020
Potential problem with R3 intermediates on Windows servers Client dev	20	6406	September 9, 2021

Questions re: Beginning Issuance from R3

Related topics