Edit this page

Announcements

These announcements and hot topics concern Federal Public Key Infrastructure changes that may affect your agency’s operations.


TLS Certificate Lifetime Requirement

Date: May 10, 2018
Description: Recent changes to Chrome could affect your agency. Chrome users may receive errors when browsing to government intranet websites and applications. Starting March 1, 2018, Chrome requires all TLS/SSL certificates to have a maximum lifetime of 825 days. You can mitigate the impact for government intranets, applications, and government-furnished equipment by using these procedures.


Chrome Certificate Transparency Requirements

Date: August 10, 2018
Description: As of July 24, 2018, Google is now enforcing Certificate Transparency (CT) for Chrome 68 and above. This change could affect your agency. This means that all TLS/SSL certificates issued after April 30, 2018, that validate to a publicly trusted Root Certification Authority (CA) certificate must appear in a CT log in order to be trusted by Chrome 68 and above. Users browsing to non-CT compliant, federal intranet websites will encounter connection errors.


Federal Common Policy CA Removal from Microsoft Trust Store Impact

Date: May 18, 2018
Description: Upcoming changes regarding Microsoft’s Trusted Root Program could impact your agency. The Federal PKI Policy Authority has elected to remove our U.S. Government Root CA certificate (Federal Common Policy CA) from the Microsoft Trust Store.

This change will cause Windows users to receive errors when encountering instances of a Federal PKI CA-issued certificate. You can mitigate the impact for the government intranets and government-furnished equipment by using configuration management tools for federal devices. This announcement will be updated with new information and procedures as soon as they are available.


Federal Common Policy CA Removal from Apple Trust Stores Impact

Date: September 13, 2018
Description: Upcoming changes regarding Apple devices and operating systems could impact your agency. The Federal PKI Policy Authority has elected to remove our U.S. Government Root CA certificate (Federal Common Policy CA) from the Apple Operating System Trust Stores. This change will impact government users of Apple iOS, macOS, and tvOS, starting in September 2018.

This change will cause government users to receive errors when encountering instances of a Federal PKI CA-issued certificate. You can mitigate the impact for government intranets and government-furnished equipment.


Removal of CAs from Federal PKI

Date: March 5, 2019
Description: Federal PKI teams recently performed two actions to remove fifty-nine (59) certification authorities (CAs) related to health IT use cases from the Federal PKI trust framework. This change is related to efforts to assess and maintain the mission scope for Federal PKI and reduce burden for commercial and non-profit organizations. This change is not a distrust action. This announcement provides information related to the CAs affected by this change.


DigiCert CA Decommissioning

Date: April 1, 2019
Description: DigiCert Incorporated is planning on decommissioning several certification authorities (CAs) from the Federal PKI. These CAs are no longer active or required, and there is no expected impact from these changes. This announcement provides information related to the CAs affected by this change.


Upcoming Migration of Federal PKI Certificate Repository Services

Date: April 1, 2019
Description: On April 22, 2019, the Federal Public Key Infrastructure Management Authority will migrate the hosting of HyperText Transfer Protocol (HTTP) repository services to a cloud-based solution. This announcement provides additional information related to the upcoming migration.