Under product sites you will find the product-specific programs and instructions of Information Security Services offering in Finland.
AN UPDATE TO CLIENT CERTIFICATE CHAIN
Telia will change certification chain for client certificate on November 14th 2019. A new certification chain will be set to all client certificates from this date on. New chain looks like this:
TeliaSonera Root CA v1 → TeliaSonera Class 1 CA v2 → client certificate
The old chain begins with Sonera Class 2 CA which will now disappear from certification chain. This root certificate will expire on April 5th 2021. After this date certificate with old chain may not appear as trusted.
This change does not require any action by customer. Server software using old versions may cause untrusted certificate errors to appear. If this happens, it is necessary to add TeliaSonera Root CA v1 self-signed root certificate into certificate store of the server. This certificate is available for download at Telia root certificate download service. Assistance is available at firstname.lastname@example.org.
New certification has been used for several years in server certificates so there is no need for changes for server certificate customers.
A TELIA INTERMEDIATE CA CERTIFICATE HAS EXPIRED ON OCT 17TH 2019
CA certificate called TeliaSonera Root CA v1 Intermediate (SHA-1 hash) has expired on October 17th 2019. Untrusted certification chain is Sonera Class 2 CA -> TeliaSonera Root CA v1 Intermediate SHA-1 -> TeliaSonera Server CA v2 -> customer certificate.
Services, which contain expired certificate in their server certification chain, must be changed to SHA-2 version of the named certificate. SHA-2 version intermediate certificate can be downloaded here. SHA-2 intermediate will expire on April 5th 2021. After this only working root chain will be the one beginning from TeliaSonera Root CA v1. Services already using chain beginning from TeliaSonera Root CA v1 are not affected by the expiration. More information about Telia certification hierarchies is here.
CHANGES IN SERVER CERTIFICATE VALIDATION
CA/Browser Forum has decided to change validation methods for publicly trusted certificates. This means that all domains owned by Telia certificate customers have to be re-validated.
New validation methods have been used since August 1st 2018. More information about the new methods is found here.
Please note following before commencing re-validation:
If you choose to use a phone call for validation, please make sure that your telephone information is correct in the appropriate domain registry. You can check the records of your domains using Whois services like who.is or whois.net. The person who answers to the phone number listed in domain registry should possess knowledge about your domains.
If you choose email method, please check email information for your domain from Whois service. A validation message can be delivered only to the addresses found from the Whois service and so-called standard email address, which all domain should have as configured. Examples of these are webmaster@, hostmaster@ and admin@.