Replacement of the DFN-PCA certificate security level Global


The DFN association replaced the DFN-PCA certificate on 6.08.2014 security level Global.


Basically, this has no direct effect on the validity of already issued user or server certificates as there are two different certificates with the same name and an identical key . User and server certificates neither have to be re-applied nor exchanged , they are still valid!

Important: Still need for action

In some cases there actually is need for action. Since the exchangend DFN-PCA certificate will be blocked within the next few weeks, a link in the chain of trust of the user and server certificates "Deutsche Telekom Root CA 2" will become invalid. The exact date of the blocking is unknown.

Who is affected?

Affected are those subscribers of the RWTH-CA, who got issued a new user or server certificate by mid-May 2014 and who imported the certification chain from the application pages into the software by themselves.

That means: Those certification holders, who installed the certificate "CN=DFN-Verein PCA Global - G01" (valid from 12.05. - 5.08.2014) have to replace it now. The easiest way to do so is the re-import of the CA certificates, just as the subscriber did by applying it.

What to do?

Please visit the same DFN website as you did when applying the certificate. Click on the link "CA certificates" and then click " DFN - PCA certificate SHA - 1 " . Open the certficate and click on "Install certificate". Confirm the both following windows with "next" before the message "The import was successful" appears.

The DFN association regrets any incovenience.