The University of Maine System issues self-signed certificates for use with some of the applications and websites that we use and host. No certificate lasts forever, including those of Certificate Authorities. Our own old (CA1) certificate will expire March 19th, 2010–which is fast approaching.
Due to this impending deadline, we have created a new (CA2) certificate which will be used to sign all new certificates that UMS issues itself (not to be confused with those we purchase on behalf of units within the system from a global certificate vendor). However, older applications’ and sites’ certificates may remain in place until either one of the following occurs:
- The application or site certificate reaches the end of its otherwise “natural” life, or
- The Signing Certificate (CA1) expires.
When either one of these happen the application or site will need to have a new certificate issued. This new certificate will be signed using our new certificate authority certificate (CA2).
Now, the answer you’ve been waiting for: How does this affect users?
Any one application used or site hosted within UMS may be using either the new or the old Certificate Authority until mid-March (and in some rare cases, such as web browsers, both may be available at the same time). This means that any user may be using an application or web site that uses either certificate at any time. To make this transitional period a success we encourage users to download and install BOTH CA1 and CA2 (if they haven’t done so already) into their web browsers’ cerificate store until CA1 expires.