Alert ID : INFO4986

Last Modified : 06/06/2018

OCSP and CRL for the Legacy GeoTrust TLS PKI Hierarchy

Description

To follow security and compliance best practices, we are updating the Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) infrastructure for legacy GeoTrust certificates.

The OCSP and CRL URLs in the legacy GeoTrust certificates will not be changed, but the IP addresses behind them will be updated at the end of May, 2018.

Please be advised that the plan to upgrade the OCSP infrastructure has been put on hold for now. We will update this page once we have additional information or an updated timeline.
 

What this means to you

  1. If your firewall and/or access control devices have policies that use the URLs below, no action is required.
     
    • *.geotrust.com
    • *.symcb.com
    • *.symcd.com
       
  2. If your firewall and/or access control devices have policies that use IP addresses, we strongly recommend that they use URLs instead of IP addresses. We can change these IP addresses at any time without notification.
    If your corporate firewall and/or access control devices are configured to allow only a certain set of IP addresses to be accessed from your network, you'll need to take the following actions:
     
    1. Install or add the IP addresses below to your existing list. Do not replace the old IP addresses, and do not delete your existing rules for the legacy GeoTrust OCSP and CRL IP addresses.

      72.21.91.29
      117.18.237.29
      93.184.220.29
      192.16.58.8
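
One way to carry out step 2.1 without dropping existing rules, as an added example that is not part of the original advisory: the script checks which of the listed addresses an allowlist already covers, including through a wider CIDR entry, and appends only the missing ones. The allowlist format (one address or CIDR per line, `#` comments) and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# IP addresses listed in the advisory above.
ADVISORY_IPS = ["72.21.91.29", "117.18.237.29", "93.184.220.29", "192.16.58.8"]

# Constructed sample of an existing egress allowlist (hypothetical format).
# 198.51.100.0/24 and 203.0.113.7 are documentation addresses standing in
# for the old OCSP/CRL entries that must be kept.
SAMPLE_ALLOWLIST = """\
# legacy OCSP/CRL rules (constructed)
198.51.100.0/24
203.0.113.7
93.184.220.0/24   # already covers one advisory address
"""

def parse_allowlist(text):
    """Return the allowlist entries as ip_network objects, in file order."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()  # drop comments and padding
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def missing_ips(existing, required):
    """Required addresses not covered by any existing address or CIDR."""
    return [ip for ip in required
            if not any(ipaddress.ip_address(ip) in net for net in existing)]

def merge_additive(text, required=ADVISORY_IPS):
    """Append uncovered addresses; existing lines are kept unchanged."""
    to_add = missing_ips(parse_allowlist(text), required)
    if not to_add:
        return text, []
    body = text if text.endswith("\n") else text + "\n"
    return body + "".join(f"{ip}/32\n" for ip in to_add), to_add

if __name__ == "__main__":
    merged, added = merge_additive(SAMPLE_ALLOWLIST)
    print("added:", added)
    print(merged, end="")
```

Running the merge a second time on its own output adds nothing, so it is safe to re-run after each change to the list.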