• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 707
  • Last Modified:

Do I need to Renew my Belgacom E-Trust Primary Certificate or does is it Re-Generates itself on my Windows 2003 Network Servers ?

Hi, to it may concern,
I have three Dell Power Edges computers thats running Windows 2003 Server Operating Applications and each computer is using the IEEE 802.1 Eap type Certificate for Authentication use on the Network.
I notice that the Belgacom E-Trust Primary CA certificate is close to Expiring and is only Valid from 11-4-1998 to 1-21-2010

Does Belgacom E-Trust Primary CA Certificate Re-Generate by itself on the Servers or do I need to Re-Generate with a new Valid Date ??   Please let me know ASAP what needs to be done if possible.
Belgacom-E-Trust-Primary-CA-Cert.pdf
0
baeind
Asked:
baeind
  • 4
1 Solution
 
ParanormasticCryptographic EngineerCommented:
If memory serves, Belgacom root will just be expiring.  You will need to replace your existing certificates with one issued from a different root.  They are now issuing their certificates under the GTE Cybertrust root certificate as Certipost, which the GTE root is still valid for a number of years to come and is owned by Verizon Business, who sells subordinate CA certs to larger companies such as this.  

Their new certificate chain is all valid until the issuing CA's expiration in 2015.  If you wish to maintain presence with that company, Belgacom now sells certs under the Certipost name:
https://www.certipost.be/webshop/index.php?cPath=41
0
 
ParanormasticCryptographic EngineerCommented:
(you need to do this yourself - the replacement server cert is a purchased product and does not automatically renew, and it does not appear that belgacom is maintaining their root directly anymore, else it would have been updated a couple years ago)
0
 
baeindAuthor Commented:
Whats the most that can happen if My Belgacom E-Trust Primary CA Expires on my Server Machines ?

If possible Tell me how to INSTALL and go about Re-Generating a New Belgacom E-Trust Primary CA Certificate on my server machines ?
0
 
ParanormasticCryptographic EngineerCommented:
Users will start getting popup warnings due to the certificate expiration.  This bothers a lot of people, but they can click "yes" and it would still be secure.  The problem is that certificates are set to expire after a certain period of time for a reason - after they expire they should be considered as potentially compromised - i.e. the user has no assurance that any of the certificates are legit and may choose to not accept the warning as it may be directed to another server responding to that name by a malicious attacker -- this is what they are "supposed" to do.

If you don't need a cert from the same place, you can get one from godaddy for about US$30 or so and keep your users happy that their data is secure and going to where it is supposed to go to.
0
 
ParanormasticCryptographic EngineerCommented:
You cannot make a new Belgacom E-Trust Primary CA Certificate, and nobody else is going to.  This was made by Belgacom company, not you, and was accepted by Microsoft for distribution in all of their applications many years ago.

You need to find another certificate vendor.  The users generally aren't going to be picky - if they are for some reason then go with Certipost as they are the same company as belgacom, but they aren't making a new one.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now