Edit this page

System Changes and Notifications

This page lists the changes to certification authorities and supporting systems operating within the Federal PKI community.

The communication of changes, and planned or unplanned system outages, is required by the certificate policies and the incident management process. Strong communication allows for planning and response and benefits the Federal PKI community as a whole. Planned changes of the these types require notifications two (2) weeks in advance:

  • Changes to Certificate Revocation List Distribution Points
  • Changes to Online Certificate Status Protocol (OCSP) endpoints
  • Introducing new URIs or retiring old URIs referenced in the Certificates profiles in use
  • Signing or revoking a Certificate Authority (CA) certificate

System outages - either through a planned maintenance activity or unplanned event - may also be posted on this page, and may trigger the Incident Management process.

To report a change or system outage not listed below, please email fpki@gsa.gov.

Notifications


  • Notice date: September 30, 2017
  • System: Federal PKI Trust Infrastructure
  • Type: CA Certificate Issuance
  • Start Date and Time: September 28, 2017
  • Change Description: Issuance of cross-certificate from Federal Bridge to DigiCert
  • Contact: fpki@gsa.gov
  • Certificate Issuer: Federal Bridge CA 2016
  • Certificate Subject: DigiCert Federated ID CA-1
  • Certificate SHA1 HASH: e8 0b dd c6 1e d8 c4 3a d0 95 fc 94 62 17 be 45 bd d3 47 c1
  • Certificate Revocation List: http://http.fpki.gov/bridge/fbca2016.crl
  • Certificate Bundle (AIA): http://http.fpki.gov/bridge/caCertsIssuedTofbca2016.p7c
  • Certificate Bundle (SIA): http://cacerts.digicert.com/siaDigiCertFederatedIDCA-1.p7c
  • OCSP: N/A

  • Notice date: September 14, 2017
  • System: DigiCert Federated ID CA-1
  • Type: CA Certificate Issuance
  • Start Date and Time: Aug 24, 2017
  • Change Description: A new CA certificate was issued for a subordinate CA under Digicert Federated Trust CA-1. The CA certificate is for Trinity Health Direct CA.
  • Contact: ben.wilson at digicert dot com
  • Certificate Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Federated Trust CA-1
  • Certificate Subject: C=US, O=Trinity Health, CN=Trinity Health Direct CA
  • Certificate SHA1 HASH: 91:C3:74:48:0A:BA:3B:B9:B4:6C:8A:87:0F:95:E0:CA:98:CF:0C:70
  • Certificate Revocation List: http://crl4.digicert.com/DigiCertFederatedTrustCA-1.crl, http://crl3.digicert.com/DigiCertFederatedTrustCA-1.crl
  • Certificate Bundle (AIA): http://cacerts.digicert.com/aiaTrinityHealthDirectCA.p7c
  • OCSP: http://ocsp.digicert.com

  • Notice date: September 14, 2017
  • System: DigiCert Federated ID CA-1
  • Type: CA Certificate Issuance
  • Start Date and Time: Aug 24, 2017
  • Change Description: A new CA certificate was issued for a subordinate CA under Digicert Federated ID CA-1. The CA certificate is for DigiCert Federated Trust CA-1.
  • Contact: ben.wilson at digicert dot com
  • Certificate Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Federated ID CA-1
  • Certificate Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Federated Trust CA-1
  • Certificate SHA1 HASH: E2:9C:44:38:7F:7B:AA:9F:49:EF:CC:AE:A6:54:BC:E2:0C:FF:5F:D3
  • Certificate Revocation List: http://crl3.digicert.com/DigiCertFederatedIDCA-1.crl, http://crl4.digicert.com/DigiCertFederatedIDCA-1.crl
  • Certificate Bundle (AIA): http://cacerts.digicert.com/aiaDigiCertFederatedTrustCA-1.p7c
  • OCSP: http://ocsp.digicert.com

  • Notice date: August 22, 2017
  • System: Verizon Federal PKI Shared Service Provider
  • Type: CA Certificate Revocation
  • Start Date and Time: August 25, 2017
  • Change Description: The CA certificate for the issuing CA named Executive Office of the President CA-B8 will be revoked on August 25th and a long term CRL will be published. This CA is no longer active.
  • Contact: vziamssp@verizon.com, fpki@gsa.gov
  • Certificate Issuer: CN=Betrusted Production SSP CA A1,OU=Betrusted Production SSP CA A1,OU=SSP,O=Betrusted US Inc,C=US
  • Certificate Subject: CN=Executive Office of the President CA-B8,OU=PKI,OU=Services,DC=ssp,DC=eop,DC=gov
  • Certificate SHA1 HASH:

  • Notice date: August 4, 2017
  • System: US Government Publishing Office CAs
  • Type: CA Certificate Issuance
  • Start Date and Time: August 4, 2017 3:28:27 PM
  • Change Description: Issuance of cross-certificate from US Government Publishing Office to Federal Bridge
  • Contact: fpki@gsa.gov
  • Certificate Issuer: GPO PCA
  • Certificate Subject: Federal Bridge CA 2016
  • Certificate SHA1 HASH: b5 d4 0b e9 4f 2e 01 4f 51 0b 29 64 36 6f 10 13 f4 1a f3 0e
  • Certificate Revocation List: http://www.gpo-fbca-crls.ois.gpo.gov/GPO-PCA-CRLa4.crl
  • Certificate Bundle (AIA): http://www.gpo-fbca-crls.ois.gpo.gov/GPO-PCA-CACertificates.p7c
  • Certificate Bundle (SIA): http://http.fpki.gov/bridge/caCertsIssuedByfbca2016.p7c
  • OCSP: http://www.ocsp.gpo.gov

  • Notice date: August 3, 2017
  • System: N/A
  • Type: CA Certificate Issuance
  • Start Date and Time: August 3, 2017 1:33:41 PM
  • Change Description: Issuance of cross-certificate from Federal Bridge to US Government Publishing Office
  • Contact: fpki@gsa.gov
  • Certificate Issuer: Federal Bridge CA 2016
  • Certificate Subject: GPO PCA
  • Certificate SHA1 HASH: b8 ea bb 18 ed 54 4c 9f cf b2 99 bd 5d 32 21 27 e6 f4 8d 90
  • Certificate Revocation List: http://http.fpki.gov/bridge/fbca2016.crl
  • Certificate Bundle (AIA): http://http.fpki.gov/bridge/caCertsIssuedTofbca2016.p7c
  • Certificate Bundle (SIA): http://www.gpo-fbca-crls.ois.gpo.gov/caCertsIssuedByGPO.p7c
  • OCSP: N/A

  • Notice date: July 25, 2017
  • System: Federal PKI Trust Infrastructure
  • Type: CA Certificate Issuance
  • Start Date and Time: July 25, 2017 12:57:21 PM
  • Change Description: Issuance of cross-certificate from Federal Bridge to Symantec
  • Contact: fpki@gsa.gov
  • Certificate Issuer: Federal Bridge CA 2016
  • Certificate Subject: VeriSign Class 3 SSP Intermediate CA - G2
  • Certificate SHA1 HASH: 63 3b 29 78 0d 72 f9 b6 e6 52 f8 58 6b 13 87 02 19 5a 2c cd
  • Certificate Revocation List: http://http.fpki.gov/bridge/fbca2016.crl
  • Certificate Bundle (AIA): http://http.fpki.gov/bridge/caCertsIssuedTofbca2016.p7c
  • Certificate Bundle (SIA): http://ssp-sia.symauth.com/VTNSSP/Certs_issued_by_Class3SSPCA-G2.p7c
  • OCSP: N/A

  • Notice date: July 12, 2017
  • System: Federal PKI Trust Infrastructure
  • Type: CA Certificate Issuance
  • Start Date and Time: July 12, 2017 10:59:26 AM
  • Change Description: Issuance of cross-certificate from Federal Bridge to Widepoint
  • Contact: fpki@gsa.gov
  • Certificate Issuer: Federal Bridge CA 2016
  • Certificate Subject: ORC NFI CA 3
  • Certificate SHA1 HASH: 8a 0a 15 2e f9 36 74 72 c8 83 28 e7 b8 18 a5 7a ed ea 33 ef
  • Certificate Revocation List: http://http.fpki.gov/bridge/fbca2016.crl
  • Certificate Bundle (AIA): http://http.fpki.gov/bridge/caCertsIssuedTofbca2016.p7c
  • Certificate Bundle (SIA): http://crl-server.orc.com/caCerts/ORCNFI3_SIA.p7c
  • OCSP: N/A

  • Notice date: June 20, 2017
  • System: Federal PKI Trust Infrastructure
  • Type: CA Certificate Issuance
  • Start Date and Time: June 20, 2017 12:56:58 PM
  • Change Description: Issuance of cross-certificate from Federal Bridge to Identrust
  • Contact: fpki@gsa.gov
  • Certificate Issuer: Federal Bridge CA 2016
  • Certificate Subject: IdenTrust Global Common Root CA 1
  • Certificate SHA1 HASH: 8f 0c 18 76 9e 9e 6d 48 c5 8e 41 8e 9b d5 79 84 a7 ae 49 f4
  • Certificate Revocation List: http://http.fpki.gov/bridge/fbca2016.crl
  • Certificate Bundle (AIA): http://http.fpki.gov/bridge/caCertsIssuedTofbca2016.p7c
  • Certificate Bundle (SIA): http://validation.identrust.com/roots/IssuedbyIGCRootCA1.p7c
  • OCSP: N/A

  • Notice date: June 20, 2017
  • System: Federal PKI Trust Infrastructure
  • Type: CA Certificate Issuance
  • Start Date and Time: June 20, 2017 12:26:12 PM
  • Change Description: Issuance of cross-certificate from Federal Bridge to Identrust
  • Contact: fpki@gsa.gov
  • Certificate Issuer: Federal Bridge CA 2016
  • Certificate Subject: IdenTrust ACES CA 2
  • Certificate SHA1 HASH: f2 82 e5 05 30 11 13 e7 36 8a 26 2e 4e 3d fe 23 ed 39 c9 54
  • Certificate Revocation List: http://http.fpki.gov/bridge/fbca2016.crl
  • Certificate Bundle (AIA): http://http.fpki.gov/bridge/caCertsIssuedTofbca2016.p7c
  • Certificate Bundle (SIA): http://validation.identrust.com/certs/issuedbyacesca2.p7c
  • OCSP: N/A

  • Notice date: June 20, 2017
  • System: Federal PKI Trust Infrastructure
  • Type: CA Certificate Issuance
  • Start Date and Time: June 20, 2017 12:15:44 PM
  • Change Description: Issuance of cross-certificate from Federal Bridge to Identrust
  • Contact: fpki@gsa.gov
  • Certificate Issuer: Federal Bridge CA 2016
  • Certificate Subject: IdenTrust ACES CA 1
  • Certificate SHA1 HASH: 8c 7a 33 76 da 95 e2 be 52 da bc 03 21 56 f4 c4 78 74 e4 c4
  • Certificate Revocation List: http://http.fpki.gov/bridge/fbca2016.crl
  • Certificate Bundle (AIA): http://http.fpki.gov/bridge/caCertsIssuedTofbca2016.p7c
  • Certificate Bundle (SIA): http://apps.identrust.com/roots/publicsectorroot.p7c
  • OCSP: N/A

How to Add a New Notification

System notifications can be submitted via either GitHub or email.

Submit Notification via GitHub Issue

  • Select Add New Notification

  • This will open a new Issue form with input information for notification information.
  • Enter the information and click ‘Submit new issue’ to submit the notification.

Submit Notification via Email

The notification can also be emailed to fpki@gsa.gov. The email should contain the following information.

Subject: FPKI System Notification - System Name

  • Notice Date
  • Change Type of one of the following: CA Certificate Issuance, CA Certificate Revocation, New CA, URI Change, System Outage
  • Change start date
  • Change end date
  • Change description
  • Contact email
  • If the change is a new or revoked CA certificate, include the CA Certificate hash (sha1 thumbprint), Issuer and Subject DNs
  • If the change is a new URI, include the new CDP, AIA, SIA or OCSP value