Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


20140127 - Expiration of GlobalSign Root CA intermediate

GlobalSign Root CA intermediate certificate used for the issuance of Extended Validation (EV) certificates expires on January 28th, 2014.

If you do have a currently valid GlobalSign EV certificate, you'll have to realize a modification on your server to replace this intermediate certificate.

The certificate to be replaced is:

OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign

(serial number 04:00:00:00:00:01:10:0b:8c:9e:8b)
You'll find it here: GlobalSign Root CA - R2 (exp 2014)

It has to be replaced by:

OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign

(serail number 04:00:00:00:00:01:2f:4e:e1:49:52)
You'll find it here: GlobalSign Root CA - R2 (exp 2028)

Or here under:

-----BEGIN CERTIFICATE-----
MIIETDCCAzSgAwIBAgILBAAAAAABL07hSVIwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0wNjEyMTUwODAw
MDBaFw0yODAxMjgxMjAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBD
QSAtIFIyMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps8kDr4ubyiZRULEqz4h
VJsL03+EcPoSs8u/h1/Gf4bTsjBc1v2t8Xvc5fhglgmSEPXQU977e35ziKxSiHtK
pspJpl6op4xaEbx6guu+jOmzrJYlB5dKmSoHL7Qed7+KD7UCfBuWuMW5Oiy81hK5
61l94tAGhl9eSWq1OV6INOy8eAwImIRsqM1LtKB9DHlN8LgtyyHK1WxbfeGgKYSh
+dOUScskYpEgvN0L1dnM+eonCitzkcadG6zIy+jgoPQvkItN+7A2G/YZeoXgbfJh
E4hcn+CTClGXilrOr6vV96oJqmC93Nlf33KpYBNeAAHJSvo/pOoHAyECjoLKA8Kb
jwIDAQABo4IBIjCCAR4wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
HQYDVR0OBBYEFJviB1dnHB7AagbeWbSaLd/cGYYuMEcGA1UdIARAMD4wPAYEVR0g
ADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBv
c2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24u
bmV0L3Jvb3QuY3JsMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYhaHR0cDov
L29jc3AuZ2xvYmFsc2lnbi5jb20vcm9vdHIxMB8GA1UdIwQYMBaAFGB7ZhpFDZfK
iVAvfQTNNKj//P1LMA0GCSqGSIb3DQEBBQUAA4IBAQCZIivuijLTDAd+3RsgK1Bq
lpEG2r5u13KWrVM/fvWPQufQ62SlZfLz4z0/WzEMfHmEOpeMDx+uwbzy67ig70H9
vDGp/MlC5kS+HlbKdYuySTGZ/urpcWSGeo/l1WERQ+hAuzEM4tsYi5l0OGGrJICM
+ag710nWZooYc8y8BjmLEDIODdOx9+9mExBZSMjPAcqZzJBymNs67cunu+JscI6m
nmhj7Y+3LQWJztlU9k6rHkbbMEk/9mrgAfC8zYTUOfdVjgMVcdOdNO2dxtHIqsWE
OTsN/SknUh6Dq0gjhVhQs5XGC7Mm4xYtqDDcA1BtXNEMzSqhR5rPIBvbQ4gfwvzg
-----END CERTIFICATE-----

You may also be impacted by the expiration of the Globalsign Root CA. Consult Globalsign notice.

How to realize this operation?

Under Apache

If you are using Apache, modify the chain file:

  • download the new chain file
  • locate the chain file by checking its location in your Apache configuration file
  • make a backup copy of this file
  • replace the content of the file by the content of the file you downloaded (step 1) chain_globalsign_ev_2014.txt
  • restart Apache

Under Microsoft IIS

If you are using Microsoft IIS, you'll have to change the GlobalSign Root CA - R2 certificate in the MMC:

  • Launch the MMC as described in the section 1 here: Install intermediate certificates or root certificates manually
  • place the new intermediate certificate on your desktop
  • in the MMC, in the "Intermediate Certification Authorities" file, delete the "GlobalSign Root CA - R2" certificate
  • in the MMC, in the "Intermediate Certification Authorities" file, import (right click, all tasks, import) the certificate you placed on your desktop (step 2)
  • restart your IIS server

Our technical support is at your service to assist you and make sure the operation has been done correctly.