System Notification for: Federal Common Policy CA (intent to revoke CA certificates)

[ryancdickson]

This is a placeholder issue as the FPKIMA prepares to work with CA operators to determine the future timing of the revocation of the certificates issued by the Federal Common Policy CA (FCPCA).

Note: This issue will be updated as more information is available.

1. FCPCA to DigiCert Federal SSP (Revocation planned for April 22, 2021)

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: CN = DigiCert Federal SSP Intermediate CA - G5, O = DigiCert, Inc., C = US
• Certificate Serial: 66c0
• Certificate SHA1 Hash: 98b58247ac8a2bc6f348f03e8d22884d8345fc0f

2. FCPCA to Entrust Managed Services Root CA (Revocation planned for June 17, 2021 (UPDATED))

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: OU = Entrust Managed Services Root CA, OU = Certification Authorities, O = Entrust, C = US
• Certificate Serial: 734a
• Certificate SHA1 Hash: a09655170c87d0fbfe0328b99a7baf4a1cf0b5d9

3. FCPCA to Entrust Managed Services Root CA (Revocation planned for June 17, 2021 (UPDATED))

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: OU = Entrust Managed Services Root CA, OU = Certification Authorities, O = Entrust, C = US
• Certificate Serial: 2e26
• Certificate SHA1 Hash: 39c1d3b64e756a3267bfe5fecb103da892ca0611

4. FCPCA to ORC SSP 4 (Revocation planned for April 22, 2021)

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: CN = ORC SSP 4, O = ORC PKI, C = US
• Certificate Serial: 2ef9
• Certificate SHA1 Hash: 3a70323069a4c41bc95663152e9ccc7111bb0623

5. FCPCA to Symantec SSP Intermediate CA - G4 (Revocation planned for April 22, 2021)

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: CN = Symantec SSP Intermediate CA - G4, O = Symantec Corporation, C = US
• Certificate Serial: 258e
• Certificate SHA1 Hash: 6a382438fd21037018daf3f422a2132bea2be817

6. FCPCA to U.S. Department of State AD Root CA (Revocation planned for April 22, 2021)

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: CN = U.S. Department of State AD Root CA, CN = AIA, CN = Public Key Services, CN = Services, CN = Configuration, DC = state, DC = sbu
• Certificate Serial: 79f9
• Certificate SHA1 Hash: ce11590010562a39ad8b1455acf76c03737aebf6

7. FCPCA to US Treasury Root CA (Revocation planned for June 10, 2021)

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: OU = US Treasury Root CA, OU = Certification Authorities, OU = Department of the Treasury, O = U.S. Government, C = US
• Certificate Serial: 734b
• Certificate SHA1 Hash: 48ce02a99ae2cc4f790f2989aa153ed565b7e4d2

8. FCPCA to US Treasury Root CA (Revocation planned for June 10, 2021)

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: OU = US Treasury Root CA, OU = Certification Authorities, OU = Department of the Treasury, O = U.S. Government, C = US
• Certificate Serial: 6405
• Certificate SHA1 Hash: 5a87922b5eaf1d63198a951b2ab6f59b2f16c131

9. FCPCA to Verizon SSP CA A2 (Revocation planned for April 22, 2021)

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: CN = Verizon SSP CA A2, OU = SSP, O = Verizon, C = US
• Certificate Serial: 65f8
• Certificate SHA1 Hash: 477bf4017d25cde276cdddf756d40ca591d76f6d

10. FCPCA to FBCAG4 (Revocation planned for April 22, 2021)

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: CN = Federal Bridge CA G4, OU = FPKI, O = U.S. Government, C = US
• Certificate Serial: 7994
• Certificate SHA1 Hash: e836f3016bfb6e8df274f27fd8a4a5054517b0f1

Note: This list will be updated as revocation dates are confirmed in the issue updates below.

[ryancdickson]

Update (3/30/2021): The 3/5/2021 update below has been superseded - but will persist on this page for historical reference. Entrust Managed Services Root CA certificate revocation is now planned for 6/17/2021.

Update (3/5/21):

• An Entrust Cloud Services Notification was shared identifying April 22, 2021, as the planned revocation date of the certificates issued from the Federal Common Policy CA to the Entrust Managed Services Root CA.

Certificate 1

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: OU = Entrust Managed Services Root CA, OU = Certification Authorities, O = Entrust, C = US
• Certificate Serial: 734a
• Certificate SHA1 Hash: a09655170c87d0fbfe0328b99a7baf4a1cf0b5d9

Certificate 2

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: OU = Entrust Managed Services Root CA, OU = Certification Authorities, O = Entrust, C = US
• Certificate Serial: 2e26
• Certificate SHA1 Hash: 39c1d3b64e756a3267bfe5fecb103da892ca0611

[ryancdickson]

Update (3/9/21): Two additional CA certificate revocations have been planned for 4/22.

• WidePoint confirmed revocation can take place on 4/22 (certificate details below).
• Verizon confirmed revocation can take place on 4/22 (certificate details below).

WidePoint

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: CN = ORC SSP 4, O = ORC PKI, C = US
• Certificate Serial: 2ef9
• Certificate SHA1 Hash: 3a70323069a4c41bc95663152e9ccc7111bb0623

Verizon

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: CN = Verizon SSP CA A2, OU = SSP, O = Verizon, C = US
• Certificate Serial: 65f8
• Certificate SHA1 Hash: 477bf4017d25cde276cdddf756d40ca591d76f6d

[ryancdickson]

Update (3/10/21): Department of State confirmed certificate revocation can also take place on 4/22.

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: CN = U.S. Department of State AD Root CA, CN = AIA, CN = Public Key Services, CN = Services, CN = Configuration, DC = state, DC = sbu
• Certificate Serial: 79f9
• Certificate SHA1 Hash: ce11590010562a39ad8b1455acf76c03737aebf6

[ryancdickson]

Update (3/29/21): Please be aware of the following updated certificate revocation timelines...

Department of Treasury revocation planned for June 10th, 2021.

Certificate 1

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: OU = US Treasury Root CA, OU = Certification Authorities, OU = Department of the Treasury, O = U.S. - Government, C = US
• Certificate Serial: 734b
• Certificate SHA1 Hash: 48ce02a99ae2cc4f790f2989aa153ed565b7e4d2

Certificate 2

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: OU = US Treasury Root CA, OU = Certification Authorities, OU = Department of the Treasury, O = U.S. Government, C = US
• Certificate Serial: 6405
• Certificate SHA1 Hash: 5a87922b5eaf1d63198a951b2ab6f59b2f16c131

Entrust Managed Services revocation delayed until June 17th, 2021.

Certificate 1

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: OU = Entrust Managed Services Root CA, OU = Certification Authorities, O = Entrust, C = US
• Certificate Serial: 734a
• Certificate SHA1 Hash: a09655170c87d0fbfe0328b99a7baf4a1cf0b5d9

Certificate 2

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: OU = Entrust Managed Services Root CA, OU = Certification Authorities, O = Entrust, C = US
• Certificate Serial: 2e26
• Certificate SHA1 Hash: 39c1d3b64e756a3267bfe5fecb103da892ca0611

[ryancdickson]

Update (4/1/2021): The remaining CA certificate revocation dates have been confirmed.

FCPCA to DigiCert Federal SSP (Revocation planned for April 22, 2021)

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: CN = DigiCert Federal SSP Intermediate CA - G5, O = DigiCert, Inc., C = US
• Certificate Serial: 66c0
• Certificate SHA1 Hash: 98b58247ac8a2bc6f348f03e8d22884d8345fc0f

FCPCA to Symantec SSP Intermediate CA - G4 (Revocation planned for April 22, 2021)

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: CN = Symantec SSP Intermediate CA - G4, O = Symantec Corporation, C = US
• Certificate Serial: 258e
• Certificate SHA1 Hash: 6a382438fd21037018daf3f422a2132bea2be817

FCPCA to FBCAG4 (Revocation planned for April 22, 2021)

• Certificate Issuer: CN = Federal Common Policy CA, OU = FPKI, O = U.S. Government, C = US
• Certificate Subject: CN = Federal Bridge CA G4, OU = FPKI, O = U.S. Government, C = US
• Certificate Serial: 7994
• Certificate SHA1 Hash: e836f3016bfb6e8df274f27fd8a4a5054517b0f1

[ryancdickson]

The Federal PKI Guides Playbook is moving. We've created a breadcrumb to our new Playbook Issues page located at GSA/ficam-playbooks#99.

Future updates will be made at GSA/ficam-playbooks#99.