SIGNIFLOW

Discover our signature platform: sign and request signature for your PDFs in a fex clicks!

JOIN OUR AFFILIATE NETWORK

Join our affiliate network
and become a local SSL expert
Learn more about our program

PRODUCTS TO DISCOVER

SSL certificates Invoice signature eIDAS certificates Signature software

Menu
picture of tbs certificates
picture of tbs certificates
Certificates
ALL CERTIFICATES
SSL Extended Validation SSL Standard RGS certificates eIDAS certificates SSL ECC SSL wildcard SSL Multiple sites / SAN Quick and Dirty SSL
Specific certificates VMC certificates
E-signature Strong authentication S/MIME certificates
Test certificates PKI Solutions Trust Seals
SigniFlow: the platform to sign and request signature for your documents
Signature software
Our products range
TBS X509 DigiCert Thawte Sectigo GlobalSign GeoTrust Certigna ChamberSign SigniFlow Harica
Partners
Client login Customer accounts Open an account
Support
FAQ SHA256: Browsers' compatibility ECC: Browsers' compatibility
Focus
Invoices dematerialization
We now provide solutions compliant with RGS** and eIDAS qualified standards for invoices signature and time stamping. Further information


20101112: VeriSign announces issues about SGC certificates issuance

VeriSign nnounces that after its roots migration on October 10th, an issue has been found in the provided certification chain. It affects certificates issued via TBS Internet between October 10th and November 11th 2010:
  • VeriSign Secure Site Pro
  • VeriSign Secure Site Pro EV
  • Thawte SuperCert
The issue is due to an intermediate certificate that did not have all the extensions needed to enforce 128-bit on Netscape 4.0.1 to 4.7 browsers.

In order to get the guaranteed 128-bit encryption level on these browsers, the intermediate certificate needs to be replaced (VeriSign Class 3 PPCA G5 (cross) v2010-1) by the new intermediate certificate (VeriSign Class 3 PPCA G5 (cross) v2010-2).

To do so, go on your certificate status page (go on your status page) and download the new certification chain. According to your server software you can either:
  • replace the chain file by the new one,
  • or specificaly replace the intermediate certificate named subject=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
VeriSign published this technical note in order to assist replacements on Microsoft IIS platfoms.

Even if it is not necessary, some might want to reissue theirs certificate and re-install it whith the new chain, see Reissuance.

Am I impacted?
Each of interested customer received an email on November 12th, 2010.

I am a TBS-Internet customer, am I really impacted?
if you followed the installation instructions provided by TBS Internet, you are probably not impacted. indeed, TBS never released to its customer the incriminated certificate (VeriSign Class 3 PPCA G5 (cross) v2010-1) but used the VeriSign Class 3 PPCA G5 (cross) v2009, that actually works fine under Netscape 4.x as under the other platforms. Check your certification chain if you have any doubt.

What can happen if I choose not to update?
Your certificate will work normally, with 128-bit enforcement, execpt for Netscape 4.0.1 to 4.7, that will have a lower encryption level.

Did VeriSign published an official information about this issue?
YES: VeriSign notice and Thawte notice