WELCOME TO THE SUPPORT SITE OF TELIA CERTIFICATE AND REMOTE ACCESS SERVICES

Telia offers certificate and remote access services in Finland and Sweden.

CERTIFICATE SERVICE CONTACT


NEWS

--

SONERA CLASS 2 ROOT CERTIFICATE EXPIRES ON APRIL 6TH

Telia certificates have been using TeliaSonera Root CA v1 for a long time which expires in 2032. Thus this expiration should not cause any disturbances in customer solutions.

Telia has identified two potential issues.

  • If customer solution which uses Java version earlier than 7 build 181 or 8 build 171 and Telia server certificate, trust chain will stop working. Old Java versions do not contain TeliaSonera Root CA v1 as a trusted root. Fix for this is to install manually TeliaSonera Root CA v1 root certificate as a trusted CA certificate to Java cacerts certificate store. There exists instructions for this procedure on our Java support page.
  • If PKCS#12 client certificate package (.pfx or .p12) created before 2021 is used without unpacking the package, the trust chain may stop working. If this happens P12 should be reconstructed using Telia's newer root.

If your service has disturbances related to certificate trust on April 6th, please contact us at:

MIGRATION TO NEW PORTAL


Certificate customer organizations using self-service certificate management will be migrated to a new portal called Certificate Manager in coming months. New portal resembles familiar Secure Manager user interface. but it has several improvements.

A list of major changes:

  • Menus have been reinvented to suit better for certificate management
    • CSR data can be edited before certificate enrollment (e.g. add SAN names)
    • Pending items are clearly listed on one screen (“Show / Pending”)
    • Improved search and list features
  • A new SMS OTP authentication has been introduced using Telia Tunnistus service
  • Also authentication using a client certificate is retained
  • Company identity is now based on Business Identity Code instead of Secure Manager organizations
  • Improvements in single-view handling of group-type concerns

Migration plan has migration of TLS server certificate customers first.
Customers, who use Secure Manager for client certificates other than certificates for certificate portal login, will be migrated last.

Migration has already been done for single certificate ordering service, where it had no visible new features except use of Bisnode business data service for company data form on tab 2.

TELIA CERTIFICATE SERVICE AND OU


Telia certificates issued by new Certificate Manager portal do not include anymore OU (Organizational Unit) information. International certificate community plans to forbid use of OU in 2021 and Telia has removed this value from certificates. OU information cannot be validated from reliable sources and thus it will be removed from certificates.

MAXIMUM VALIDITY TIME FOR SERVER CERTIFICATES HAS CHANGED ON SEP 1ST


The international certificate community has decided to limit validity for server certificates to 398 days beginning from September 1st, 2020. It is possible to order only one-year certificates from September 1st from Telia Certificate Service.

AN UPDATE TO CLIENT CERTIFICATE CHAIN


Telia has changed certification chain for client certificate on November 14th 2019. A new certification chain will be set to all client certificates from this date on. New chain looks like this:

TeliaSonera Root CA v1 → TeliaSonera Class 1 CA v2 → client certificate

The old chain begins with Sonera Class 2 CA which will now disappear from certification chain. This root certificate will expire on April 5th 2021. After this date certificate with old chain may not appear as trusted.

This change does not require any action by customer. Server software using old versions may cause untrusted certificate errors to appear. If this happens, it is necessary to add TeliaSonera Root CA v1 self-signed root certificate into certificate store of the server. This certificate is available for download at Telia root certificate download service.

New certification has been used for several years in server certificates so there is no need for changes for server certificate customers.