Produced by Araxis Merge on 8/4/2017 2:45:04 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | CUI-Release-v2.2.0-source.zip\CUI-Release-v2.2.0-source\ssl\vler-das | README_DAScerts2014.txt | Thu Jun 15 19:04:28 2017 UTC |
| 2 | CUI-Release-v2.2.0-source.zip\CUI-Release-v2.2.0-source\ssl\vler-das | README_DAScerts2014.txt | Fri Aug 4 17:27:05 2017 UTC |
| Description | Between Files 1 and 2 |
|
|---|---|---|
| Text Blocks | Lines | |
| Unchanged | 4 | 84 |
| Changed | 3 | 12 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | VLER/DAS C ertificate updates 2 014 | |
| 2 | ||
| 3 | Please not e that the se certifi cates have been issu ed by a di fferent CA Chain tha n were the previous certificat es. | |
| 4 | ||
| 5 | The old CA Chain was : | |
| 6 | ||
| 7 | GTE CyberT rust Globa l Root | |
| 8 | - CyberTru st Public Issuing CA 1 | |
| 9 | -- <issued server ce rtificate> | |
| 10 | ||
| 11 | If the VLE R/DAS serv er instanc e to which you conne ct is the ONLY serve r using th e above CA Chain, yo u can remo ve those c ertificate s from you r trust st ores once the new VL ER/DAS cer tificates become act ive. If y our automa tion conne cts to any other ser vers that use the GT E CA Chain above, yo u should l eave the c hain in yo ur trust. | |
| 12 | ||
| 13 | If you don 't know, t hen to err on the si de of Secu rity, remo ve the two CyberTrus t CA certi ficates li sted above . You can always re install th em later i f needed. | |
| 14 | ||
| 15 | The CA Cha in that is providing updated P ublic-faci ng certifi cates for VLER-DAS s ervers is as follows : | |
| 16 | ||
| 17 | Federal Co mmon Polic y CA (file: Fed _CA_root.c er) | |
| 18 | - Betruste d Producti on SSP CA A1 (file: Fed _BeTrusted _CA1.cer) | |
| 19 | -- Veteran s Affairs Device CA B2 (file: Fed _VAD_CA2.c er) | |
| 20 | --- <issue d server c ertificate > (file: <se rverFQDN>. cer) | |
| 21 | ||
| 22 | If the new CA Chain listed abo ve is alre ady in you r automati ons's trus t, you do not have t o add thes e again. N o action s hould be n ecessary t o retain S SL connect ivity; whe n the new certificat es activat e on the V LER/DAS se rver insta nce, your automation should re cognize it and conti nue to fun ction. | |
| 23 | ||
| 24 | If the new CA Chain listed abo ve is NOT in your au tomation's trust, yo u should ( at least) add the Fe deral Comm on Policy CA, then t he others, in order, if needed . | |
| 25 | ||
| 26 | At the min imum, the root CA li sted above should be installed . Most au tomation s hould work if that t rust is in cluded. | |
| 27 | ||
| 28 | Adding onl y the (3) CA certifi cates shou ld work to allow any future VL ER/DAS upd ates from this same CA Chain. It should not be ne cessary to add the a ctual serv er certifi cate in th e trust, u nless your automatio n requires it. | |
| 29 | ||
| 30 | Adding all the new c ertificate s listed a bove will guarantee the trust will work. | |
| 31 | ||
| 32 | Note that since thes e certific ates are a ll issued by the sam e CA Chain , any peer that inst alls these in their trust stor es will tr ust connec tions to a nd from an y VLER/DAS server, a nd from an y server p resenting a certific ate issued by any of these CAs . | |
| 33 | A trusted certificat e does NOT carry imp lied acces s controls . | |
| 34 | ||
| 35 | Connection s points f or the cer tificates are as fol lows: | |
| 36 | ||
| 37 | Developmen t: s e r v er . d o m a in (external: devvler. d o main ) | |
| 38 | Silver Tes t: s e rv e r . d o m a in (external: silvervle r. d o main ) | |
| 39 | Gold Test: s e rv e r . d o m a in (external: goldvler. d o main ) | |
| 40 | ||
| 41 | Production : s e
|
|
| 42 | (Alternate :) s e r v er . d o main (same) | |
| 43 | ||
| 44 | Questions or problem s, please contact th e SDE Supp ort Team a t: P I
|
|
| 45 | ||
| 46 | 20140414 | |
| 47 | ||
| 48 |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.