This communication contains important updates regarding your MPKI 8 services. There are key changes that require your action. Please take a moment to read through the information and take action as needed.
OCSP server IP address changes for DigiCert PKI Platform
For security and compliance best practices, we are updating the Online Certificate Status Protocol (OCSP) infrastructure for MPKI.
IP addresses for OCSP servers were updated at the end of May 2018.
What this means to you
If you have firewall and/or access control devices that have policies permitting access to the URLs below, no action is required.
If you have firewall and/or access control devices that have policies permitting access to IP addresses, it is strongly recommended that they use URLs instead of IP addresses. We can potentially change these IP addresses at any time without notification.
If your corporate firewall and/or access control devices are configured to allow only a certain set of IP addresses to be accessed from your network, you'll need to take the following actions:
Add the following IP addresses to your existing list and be sure not to replace the old IP addresses and your existing rules for the DigiCert OCSP server IP addresses which should not be deleted.
These are the new DigiCert net blocks that should be updated as well.
MPKI Service IP Zone:
Additional IP’s that need to be added to netblocks that DigiCert uses can be found in IP Ranges | Cloudflare.
If you have any questions or concerns, contact PKI Support.