Starting August 31, 2023, all TLS/SSL security certificates issued or renewed through the InCommon Certificate Service will be signed by a new intermediate certificate. People who use these certificates to secure their websites, servers, or devices will need to take action:
- WASUP and InCommon Certificate Manager users:
- If you have intermediate/root certificates installed separately from leaf certificates on your system, download and install the new intermediate certificate. This needs to be done before your current TLS/SSL certificate expires.
- If you have intermediate/root certificates installed separately from leaf certificates on your system, download and install the new intermediate certificate. This needs to be done before your current TLS/SSL certificate expires.
- ACME users:
- Reconfigure certbot or other ACME client to use a new InCommon/Sectigo ACME enrollment account that can obtain certificates signed by the new intermediate certificate.
Everyone can start requesting certificates signed by the new intermediate certificate now. There is no need to wait for them to become mandatory on August 31.
This change does not affect certificates issued by Let’s Encrypt.
For additional information, including instructions on how to switch your servers to use the new intermediate certificate, refer to 2023/2024 InCommon Certificate Service Intermediate Certificate Change on the ITS website.
For assistance, contact incommon-certificate-service@umich.edu.
