Knowledge Base

Description

This communication contains important updates regarding your MPKI 8 services. There are key changes that require your action. Please take a moment to read through the information and take action as needed.

NOTE: There is no impact to MPKI 7 customers or CRL distribution servers.

Status

OCSP server IP address changes for DigiCert PKI Platform

For security and compliance best practices, we are updating the Online Certificate Status Protocol (OCSP) infrastructure for MPKI.  

 IP addresses for OCSP servers were updated at the end of May 2018. 

Action Required

What this means to you

 If you have firewall and/or access control devices that have policies permitting access to the URLs below, no action is required.

*.digicert.com

*.symauth.com

*.symcb.com

*.symcd.com

If you have firewall and/or access control devices that have policies permitting access to IP addresses, it is strongly recommended that they use URLs instead of IP addresses. We can potentially change these IP addresses at any time without notification.

If your corporate firewall and/or access control devices are configured to allow only a certain set of IP addresses to be accessed from your network, you'll need to take the following actions:

Add the following IP addresses to your existing list and be sure not to replace the old IP addresses and your existing rules for the DigiCert OCSP server IP addresses which should not be deleted.

• 72.21.91.29
• 117.18.237.29
• 93.184.220.29
• 192.16.58.8

These are the new DigiCert net blocks that should be updated as well.

MPKI Service IP Zone:

• 216.168.240.0/20

Additional IP’s that need to be added to netblocks that DigiCert uses can be found in IP Ranges | Cloudflare.

Resolution

If you have any questions or concerns, contact PKI Support.