Edit this page

Announcements

These announcements and hot topics concern Federal Public Key Infrastructure changes that may affect your agency’s operations.


TLS Certificate Lifetime Requirement

Date: May 10, 2018
Description: Recent changes to Chrome could affect your agency. Chrome users may receive errors when browsing to government intranet websites and applications. Starting March 1, 2018, Chrome requires all TLS/SSL certificates to have a maximum lifetime of 825 days. You can mitigate the impact for government intranets, applications, and government-furnished equipment by using these procedures.


Chrome Certificate Transparency Requirements

Date: May 10, 2018
Description: Upcoming changes to Chrome could affect your agency. This change requires all TLS/SSL certificates to appear in a CT log when they validate to a Root CA certificate distributed through an Operating System (OS) trust store. The Microsoft and Apple Trust Stores currently distribute the U.S. Government Root CA (Federal Common Policy CA) certificate. This change will take effect starting with Chrome 68 and will affect any TLS/SSL certificate issued after April 30, 2018.


Federal Common Policy CA Removal from Microsoft Trust Store Impact

Date: May 18, 2018
Description: Upcoming changes regarding Microsoft’s Trusted Root Program could impact your agency. The Federal PKI Policy Authority has elected to remove our U.S. Government Root CA certificate (Federal Common Policy CA) from the Microsoft Trust Store.

This change will cause Windows users to receive errors when encountering instances of a Federal PKI CA-issued certificate. You can mitigate the impact for the government intranets and government-furnished equipment by using configuration management tools for federal devices. This announcement will be updated with new information and procedures as soon as they are available.