Telia offers certificate and remote access services in Finland and Sweden.
CERTIFICATE SERVICE CONTACT
DOMAIN VALIDATION CHANGE TO 393 DAY VALIDITY
According to CA / Browser Forum decision, Telia changes maximum validity of a domain validation to 393 days on August 16th, 2021. After the change domain requires re-validation after 393 days.
SONERA CLASS 2 ROOT CERTIFICATE EXPIRES ON APRIL 6TH
Telia certificates have been using TeliaSonera Root CA v1 for a long time which expires in 2032. Thus this expiration should not cause any disturbances in customer solutions.
Telia has identified two potential issues.
- If customer solution which uses Java version earlier than 7 build 181 or 8 build 171 and Telia server certificate, trust chain will stop working. Old Java versions do not contain TeliaSonera Root CA v1 as a trusted root. Fix for this is to install manually TeliaSonera Root CA v1 root certificate as a trusted CA certificate to Java
cacertscertificate store. There exists instructions for this procedure on our Java support page.
- If PKCS#12 client certificate package (.pfx or .p12) created before 2021 is used without unpacking the package, the trust chain may stop working. If this happens P12 should be reconstructed using Telia's newer root.
If your service has disturbances related to certificate trust on April 6th, please contact us at:
MIGRATION TO NEW PORTAL
Certificate customer organizations using self-service certificate management will be migrated to a new portal called Certificate Manager in coming months. New portal resembles familiar Secure Manager user interface. but it has several improvements.
A list of major changes:
- Menus have been reinvented to suit better for certificate management
- CSR data can be edited before certificate enrollment (e.g. add SAN names)
- Pending items are clearly listed on one screen (“Show / Pending”)
- Improved search and list features
- A new SMS OTP authentication has been introduced using Telia Tunnistus service
- Also authentication using a client certificate is retained
- Company identity is now based on Business Identity Code instead of Secure Manager organizations
- Improvements in single-view handling of group-type concerns
Migration plan has migration of TLS server certificate customers first.
Customers, who use Secure Manager for client certificates other than certificates for certificate portal login, will be migrated last.
Migration has already been done for single certificate ordering service, where it had no visible new features except use of Bisnode business data service for company data form on tab 2.
TELIA CERTIFICATE SERVICE AND OU
Telia certificates issued by new Certificate Manager portal do not include anymore OU (Organizational Unit) information. International certificate community plans to forbid use of OU in 2021 and Telia has removed this value from certificates. OU information cannot be validated from reliable sources and thus it will be removed from certificates.