Friday, October 14, 2016

Issues with GlobalSign public certs

What a mess!!!

If you use public certs from GlobalSign, be aware of the issue that started yesterday with their CRLs.

We had to go in and update ALL our external-facing servers with the new Intermediate Cert they provided.

More details here - http://downloads.globalsign.com/acton/fs/blocks/showLandingPage/a/2674/p/p-008f/t/page/fm/0


Tips:

We use public certs on our SfB FEs too, and the same cert is also used for OAuth. We ended up removing and reapplying the cert (from the SfB Wizard) so that it replicates out to the other servers and pools.

You need to remove the old Intermediate cert from the store. Search both the Computer and the User stores and make sure you get rid of the old Intermediate cert; otherwise it will stay latched to the chain.


You can get the Intermediate cert from here: https://support.globalsign.com/customer/portal/articles/2599710-ocsp-revocation-errors---troubleshooting-guide
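
One way to script the store search from the tips above and then confirm which intermediate the server cert actually chains through. This is an added example, not part of the original post; the subject pattern and both thumbprints are placeholders you must fill in, and the function names are hypothetical.

```powershell
# Placeholders (assumptions, not values from the post): fill in before running.
$SubjectPattern = '*<intermediate CA subject name>*'
$NewThumbprint  = '<THUMBPRINT-OF-NEW-INTERMEDIATE>'
$LeafThumbprint = '<THUMBPRINT-OF-SERVER-CERT>'

function Find-StaleIntermediate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SubjectPattern,
        [Parameter(Mandatory)][string]$KeepThumbprint
    )
    # 'CA' is the Intermediate Certification Authorities store.
    # CurrentUser only covers the account running this script; repeat under
    # any service account that may have its own copy of the old cert.
    $stores = 'Cert:\LocalMachine\CA', 'Cert:\CurrentUser\CA'
    $keep   = ($KeepThumbprint -replace '\s', '').ToUpperInvariant()
    foreach ($store in $stores) {
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like $SubjectPattern -and $_.Thumbprint -ne $keep } |
            Select-Object @{ n = 'Store'; e = { $store } },
                          Subject, Thumbprint, NotAfter, PSPath
    }
}

function Get-ChainThumbprint {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$LeafThumbprint)
    # Build the chain the way Windows does and list each element, leaf first.
    $leaf  = Get-Item -Path "Cert:\LocalMachine\My\$LeafThumbprint"
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    [void]$chain.Build($leaf)
    foreach ($element in $chain.ChainElements) {
        [pscustomobject]@{
            Subject    = $element.Certificate.Subject
            Thumbprint = $element.Certificate.Thumbprint
        }
    }
}

# 1. List every copy of the intermediate that is NOT the new one.
$stale = @(Find-StaleIntermediate -SubjectPattern $SubjectPattern -KeepThumbprint $NewThumbprint)
$stale | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize

# 2. Review the list, then drop -WhatIf to actually delete.
$stale | ForEach-Object { Remove-Item -Path $_.PSPath -WhatIf }

# 3. The second row should now show the new intermediate's thumbprint.
Get-ChainThumbprint -LeafThumbprint $LeafThumbprint | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on each external-facing server so the LocalMachine store can be modified.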