The DFN-PKI and therefore also the KIT-CA G2 will not generate any new server certificates after 30.12.2022. All certificates issued up to that date will keep their validity until the end of validity specified in the certificate.
At KIT, there will be two new possibilities to obtain globally valid x509 certificates in the future:
- Let's Encrypt with KIT-specific DNS plugin (https://docs.ca.kit.edu/acme4netvs/en/)
- GÉANT Trusted Certificate Services (the official successor service of the DFN-PKI)
However, the SCC recommends that the affected service operators switch to certificates from Let's Encrypt as soon as possible and automate the process for this.
The use of GÉANT TCS is currently not yet usable for various reasons and is therefore not currently recommended. In 2023, however, the SCC will also provide a process for GÉANT TCS and document it at www.ca.kit.edu.
Last year, the SCC provided detailed information about this changeover and the planned procedure in the IT expert group . In addition, affected certificate holders were informed directly by mail in order to be able to take action at an early stage.
For further support, the CERT team has offered several consultation hours for interested parties to jointly clarify questions that have appeared and problems with the implementation of the SCC-recommended solution with Let's Encrypt.
Noch bis zum 15.12.2022 können Serverzertifikate nach dem bisherigen Verfahren. beantragt und bis Ende 2023 genutzt werden. Damit ist die Umstellung durch Dienstbetreibende auf das neue Verfahren erst im Laufe des kommenden Jahres 2023 erforderlich.
Server certificates can be applied for using the previous procedure until December 15, 2022, and used until the end of 2023. This means that service providers will not have to switch to the new procedure until the coming year 2023.