New Certificate Vendor - Sectigo

CeRTNA is transitioning to a new certificate vendor, Sectigo (https://www.sectigo.com). Effective immediately, the following changes are required for all ERDS workstations.

⚠️ Please contact your IT department to implement the following updates. These changes must be completed by November 30, 2025, to avoid issues logging into APEX on your ERDS workstation.

🔐 Certificate Installation

The CeRTNA Root CA certificate must be installed as a trusted root certificate authority on your ERDS workstation.  Please refer to the following PDF: 

🧱 Firewall Configuration

Update your firewall or proxy whitelist settings to allow communication with Sectigo services.

• Wildcard Hostname (preferred):
  *.sectigo.com
• If wildcards are not allowed, whitelist the following hostnames:
  • crl.enterprise.sectigo.com
  • crt.enterprise.sectigo.com
  • ocsp.enterprise.sectigo.com
•  IP addresses for Sectigo services can be found at:
  • https://www.cloudflare.com/en-gb/ips/
  • (Note: IP-based filtering is not recommended.)

📅 Deadline - November 30, 2025

These changes must be implemented by November 30, 2025. Failure to do so may result in issues logging into APEX on your ERDS workstation.

📞 Need Help?

If you have any questions or concerns, please contact:

Greg Dapkus
Technical Director, CeRTNA
📧 greg.dapkus@certnaca.gov
📞 657-216-1400 (for immediate assistance)