Welcome Login

For current information from GSA about COVID19 please click HERE

You are here

New Federal Public Key Infrastructure (FPKI) Certification Authority (CA)

In October, a new Federal Public Key Infrastructure (FPKI) Root Certification Authority (CA), Federal Common Policy CA G2 (FCPCAG2), was established.  FPKI CAs signed by the old root CA will migrate to FCPCAG2.  To limit impact, customer Agencies must distribute the FCPCAG2 root certificate to all affected devices as a trusted certificate as soon as possible.  Once migration is complete, the old root CA will be decommissioned in May 2021.

 

For published certificates and recommended migration steps for customer agencies, please visit https://fpki.idmanagement.gov/common/. Contact fpkirootupdate@gsa.gov with questions about the new FPKI root CA certificate and migration steps.

 

On Friday, January 29, 2021, between 7:00 PM – 9:00 PM Eastern, the Entrust Managed PKI Team will publish the certificate issued from the new FCPCAG2 to the Entrust Managed Services Root CA to all externally facing AIA LDAP and HTTP locations. This activity will support agencies’ final migration steps to the new FCPCAG2.

 

Moving to the new certificate path is mandatory. The current CA certificates between the old Federal Common Policy CA and the Entrust Managed Services Root CA will remain available and valid for the time being; however, the current CA certificates will be revoked and removed by May 2021.

 

USAccess Agencies are strongly encouraged to perform testing between now and May 2021 to ensure all customer use cases are intact after the change (e.g., smart card logon to workstations, VPN access, etc.).

 

Reference the links below to download the newly created Federal Common Policy CA G2 and the Entrust Managed Services Root certificates.

 

531
Tags: 
Share

Views: 101

The GSA USAccess Managed Service Office (MSO) uses this community to communicate the latest USAccess updates to our customer agencies (including... More
  • kmeyer@chameleonis.com's picture
    kmeyer@chameleo...
  • itsjaye79's picture
    itsjaye79
  • gfortune's picture
    gfortune