Upcoming Changes to SSL/TLS Certificates: What You Need to Know

We want to inform you about an important upcoming industry-wide change affecting SSL/TLS certificates, the technology used to secure websites, remote access services, and system integrations.

What are SSL/TLS certificates used for?

Within our environments, SSL certificates play a critical role in securing:

• Remote access via gateway services
• API integrations with the GenetiQ platform and related systems
• Website domains managed by developers or hosting providers
  
  

What is changing?

Industry standards governing SSL/TLS certificates are evolving. Over the coming years, certificate lifetimes will be significantly reduced.

This means certificates will need to be:

• Renewed more frequently
• Validated more often
• Replaced on a shorter cycle than before

These changes are being driven by global certificate authorities, browser vendors, and major technology providers as part of wider efforts to improve internet security.

Importantly, this is an industry-wide change outside of our control and will affect all organisations using SSL certificates, regardless of provider.

Moving to a Managed SSL Certificate Service

Due to the increased operational overhead, including monitoring expiry dates, managing renewals, and ensuring continuity, we will be moving to a Managed SSL Certificate Service.

This service includes:

• Ongoing monitoring
• Renewal management
• Full lifecycle management of SSL/TLS certificates

It applies to certificates used for remote access, API integrations, and related services.

What this means for existing customers

To ensure uninterrupted service, all existing customer SSL certificates will be moved to this managed service by default.

If you prefer not to use this service, please let us know.

It is important to note that remote access services and API integrations rely on valid SSL certificates. Without proper renewal and management, these services will stop functioning.

Website certificates

For SSL certificates used on websites:

• Please continue to liaise directly with your web developer or hosting provider
• As before, we do not install or bind certificates on websites

However, we can:

• Issue certificates on your behalf
• Send them directly to your developer or a nominated email address
• Schedule delivery to align with renewal timelines
  
  

Customers without an ICT maintenance contract

If we do not currently provide IT support under an ICT maintenance contract:

• You should arrange SSL certificate management with your IT or hosting provider
• Certificates should be issued and delivered at least two weeks before expiry to allow time for installation and testing

GenetiQ On-Prem API integrations

For customers using GenetiQ On-Prem, previously known as Intact iQ:

• SSL certificates referenced within API definitions may require updates during renewals
• Due to increased renewal frequency, this may result in additional ongoing configuration work

What action do you need to take?

1. If you are happy for us to manage your SSL certificates

No action is required.
We will handle:

• Certificate renewal and binding for remote access gateways
• Certificate updates within API integrations across all GenetiQ products
  
  

2. If you use SSL certificates for a website

Please ensure your web developer or hosting provider is prepared to install updated certificates when issued.
We can send certificates directly to them on a scheduled basis.

3. If you wish to cancel your SSL certificate

Please let us know by logging a ticket via your helpdesk system.

Need help?

If you have any questions about how these changes may affect your systems, our team is here to help.

https://support.genetiqsoftware.com/support/login