Ask a Question

Advanced Search

Alert ID : INFO4987

Last Modified : 06/06/2018

OCSP and CRL for the Legacy RapidSSL TLS PKI Hierarchy

Description

For security and compliance best practices, we are updating the Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) infrastructure for legacy Rapidssl certificates.

OCSP and CRL URLs in the legacy rapidssl certificates will not be changed, but IP addresses for them will be updated at the end of May, 2018.

Please be advised that the plan to upgrade the OCSP infrastructure has been put on hold for now. We will update this page once we have additional information or an updated timeline.
 

What this means to you

 

  1. If you have the firewall and/or access control devices that have policies with URLs below, no action required.
     
    • *.rapidssl.com
    • *.symcb.com
    • *.symcd.com
       
  2. If you have the firewall and/or access control devices that have policies with IP addresses, it is strongly recommended that they should use URLs instead of IP addresses. We can change these IP addresses at any time without notification.
    If your corporate firewall and/or access control devices are configured to allow only a certain set of IP addresses to be accessed from your network, you'll need to take the following actions:
     
    1. Install or add the IP addresses to your existing list – do not replace the old IP addresses and your existing rules for the legacy Rapidssl OCSP and CRL IP addresses should not be deleted.

      72.21.91.29
      117.18.237.29
      93.184.220.29
      192.16.58.8