*The following email was broadcast to all recipients in our contact list on 4 Sep 2024.
Dear Corppass Partners,
Recently, we noticed some partners are pinning our domain leaf certificates, causing issues during our routine TLS certificate renewal.
Leaf certificate pinning is problematic. If a network pins a leaf certificate for specific domains, it risks losing access when these domains update their TLS certificates, leading to disruptions. Hence, we have consistently advised Relying Parties against leaf certificate pinning.
Recommended Approach
You should either broadly trust certificates issued by well-known CAs or install all AWS root certificates in your trust store (repository accessible at https://www.amazontrust.com/repository/). However, be aware that AWS may periodically change its root certificate, requiring you to update to maintain the cert chain's integrity. For more details, refer to this article.
What’s Next
Some of you have expressed the need for time to address this issue. To assist, we are notifying you of our upcoming activity. This is a one-time reminder, and we may not be able to provide advance notice for future TLS certificate changes on any of our domains. We will perform two successive PRD certificate rotations on id.corppass.gov.sg at the following times:
- 5.00 PM on 18 Sep 2024 - TLS Certificate Rotation
- 11.00 PM on 20 Sep 2024 - TLS Certificate Rotation, IP Address Change (*Important - ensure that you are not whitelisting us by IP address)
Please take the necessary actions to ensure a smooth transition.
As always, thank you for your continued support in making Corppass better for everyone. Feel free to raise a ticket at our Help Center if you have any questions.
Thank you.
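The difference between leaf pinning and CA trust across a renewal, as an added example that is not part of the original email or Corppass's own tooling. It assumes the `openssl` CLI with its stock configuration; the root CA, the host name `id.example.test` and both leaf certificates are constructed locally, and the renewed leaf is assumed to chain to a root that is already in the trust store.

```shell
#!/bin/sh
# Constructed demo: a throwaway root CA and two leaf certificates stand in
# for a routine renewal. It never contacts the real Corppass endpoints.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

issue_leaf() {  # $1 = file prefix; a fresh key pair each time, as on renewal
  openssl req -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
    -subj "/CN=id.example.test" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/root.pem" \
    -CAkey "$WORK/root.key" -CAcreateserial -days 30 \
    -out "$WORK/$1.pem" 2>/dev/null
}

fingerprint() {  # SHA-256 fingerprint of the certificate in file $1
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Leaf pinning: accept only the exact certificate recorded earlier.
check_leaf_pin() {  # $1 = presented cert, $2 = pinned fingerprint
  if [ "$(fingerprint "$1")" = "$2" ]; then echo accept; else echo reject; fi
}

# CA trust: accept any certificate that chains to a root in the trust store.
check_ca_trust() {  # $1 = presented cert
  if openssl verify -CAfile "$WORK/root.pem" "$1" >/dev/null 2>&1
  then echo accept; else echo reject; fi
}

# Demo root (assumes the stock openssl.cnf, which marks "req -x509" output as a CA).
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/root.key" \
  -subj "/CN=Demo Root CA" -days 30 -out "$WORK/root.pem" 2>/dev/null
issue_leaf old   # certificate in service when the pin was taken
issue_leaf new   # certificate after rotation, same issuing CA
PIN="$(fingerprint "$WORK/old.pem")"

echo "leaf pin, before rotation: $(check_leaf_pin "$WORK/old.pem" "$PIN")"
echo "leaf pin, after rotation:  $(check_leaf_pin "$WORK/new.pem" "$PIN")"
echo "CA trust, before rotation: $(check_ca_trust "$WORK/old.pem")"
echo "CA trust, after rotation:  $(check_ca_trust "$WORK/new.pem")"
```

Only the leaf-pin check rejects the renewed certificate; a client in that state is the one that loses access at rotation time.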
Comments
Hi Wei Lai, any update on this? It seems like the id.corppass.gov.sg TLS cert is still signed by Entrust.
Hi Alvin, the cert rotation activity was rolled back because we detected a few high-volume eServices breaking upon the cert change. We have gotten in touch with them and they will be fixing it.
If you would like to check the health of your traffic during the window in which CP was using the new AWS certs, please submit a request through the web form and I will be in touch.
Thank you.
Hi Wei Lai,
May we know when Corppass will do this activity again?
Hi Haryanto, we will be rotating our certificate and migrating our domain on 14 Oct 2024, at 12pm.
Hi, I would like to confirm that the certificate has rotated and the domain has been migrated today.
Hi Eng Boon, the certificate rotation was completed at 1203hrs today (14 Oct 2024).