New Certificate Vendor - Sectigo going live on G2G

As the final step of CeRTNA transitioning to a new certificate vendor, Sectigo (https://www.sectigo.com).   The SSL certificate for our G2G services is being replaced on April 4, 2026.  Please verify that you have updated the firewall or proxy rules to allow sectigo.com and usertrust.com for all G2G workstations.

⚠️ Please contact your IT department to implement the following updates. These changes must be completed by April 3, 2026, to avoid issues logging into APEX on your G2G workstation.

 

🧱 Firewall Configuration

Update your firewall or proxy whitelist settings to allow communication with Sectigo services and the usertrust.com CRL.

• Wildcard Hostname (preferred):
  • *.sectigo.com
  • *.usertrust.com
• If wildcards are not allowed, whitelist the following hostnames:
  • crl.enterprise.sectigo.com
  • crt.enterprise.sectigo.com
  • ocsp.enterprise.sectigo.com
  • crl.usertrust.com
  • ocsp.usertrust.com
•  IP addresses for Sectigo services can be found at:
  • https://www.cloudflare.com/en-gb/ips/
  • (Note: IP-based filtering is not recommended.)

 

📅 Deadline - April 3, 2026

These changes must be implemented by April 3, 2026. Failure to do so may result in issues logging into APEX on your ERDS workstation.

 

📞 Need Help?

If you have any questions or concerns, please contact:

Greg Dapkus
Technical Director, CeRTNA
📧 greg.dapkus@certnaca.gov
📞 657-216-1400 (for immediate assistance)