New PID Encryption certificate for Production Environment

Jyjesh

Oct 28, 2019, 8:51:35 AM
to Aadhaar Registered Devices Discussion Group
Dear All,

The current UIDAI certificate used to encrypt PID block in Authentication request is going to expire by 30th Dec 2019. 


Please find the new production public certificate, uidai_auth_prod.cer (Latest), at the link below, which can be used straight away in authentication requests to encrypt the PID block.

https://www.uidai.gov.in/916-developer-section/data-and-downloads-section/11349-uidai-certificate-details.html

All the device providers are requested to migrate their production RD service to the new certificate well before 30th Dec 2019.

Note: The new certificate is valid until 21st Oct 2022

Please tune into this space for further updates!!

Regards,
Team UIDAI.

Netaji Rao

Oct 30, 2019, 3:23:35 AM
to aadha...@googlegroups.com
UIDAI team,

Vendors were instructed to "hardcode" the prod_encryption_cert inside RDService. Now with this new prod_cert, all the Rdservices need to be updated.

We understand the rationale behind the hardcoded certificate, but an Rdservice upgrade will be an operational issue whenever the cert is changed, especially when the customer doesn't support auto upgrade.

Why can't we allow Rdservice to fetch the encryption_certificate content or hash of the cert during init and maintain it in memory? Do we see any issues in this approach?



Thanks,
Netaji Rao D

Royston Mascarenhas

Oct 30, 2019, 6:51:44 AM
to Aadhaar Registered Devices Discussion Group
Dear UIDAI team,

I understand there is also a requirement to pin the management server SSL cert (at least on Android) to prevent the server from being spoofed.

If we have this as a requirement across all platforms, we can safely receive the UIDAI certificate from the management server, as we are sure about the identity of the server.

We do not need to do additional hardcoding of the UIDAI certificates along with SSL pinning, which will require forced updates in the field when either the certificates of the management server or that of UIDAI change.

best regards,
Royston.

natekar srinivas

Oct 30, 2019, 7:19:51 AM
to aadha...@googlegroups.com
Dear Netaji,

I think we have closed this discussion long back. The Device Provider has enough time to roll out the new service. Please guide your customer to upgrade the service in case they are not aware, or you can have a Hard push / Mandatory upgrade instead of a soft push.

Regards,
Srinivas- UIDAI Team.
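
The rollover discussed in this thread, sketched as an added example that is not part of any post and is not UIDAI or vendor code: a service that fetches the PID encryption certificate at init still needs a trust anchor, here a shipped set of SHA-256 fingerprints covering both the outgoing and the incoming certificate. The certificate bytes are constructed placeholders, the function names are hypothetical, and the two dates from the announcement are assumed to be inclusive last-valid days.

```python
import hashlib
from datetime import date, timedelta

# Constructed stand-ins for DER certificate bytes (not real UIDAI certificates).
OLD_CERT = b"constructed-old-uidai-cert"
NEW_CERT = b"constructed-new-uidai-cert"
ROGUE_CERT = b"constructed-unknown-cert"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes, hex encoded."""
    return hashlib.sha256(der).hexdigest()


# Pin set shipped inside the service: fingerprint -> last valid day.
# Dates are the ones stated in the announcement; treated as inclusive (assumption).
PINS = {
    fingerprint(OLD_CERT): date(2019, 12, 30),
    fingerprint(NEW_CERT): date(2022, 10, 21),
}


def check_fetched_cert(der: bytes, today: date, warn_days: int = 60):
    """Classify a certificate fetched at init.

    Returns (status, not_after) where status is one of
    'ok', 'expiring', 'expired' or 'unpinned'.
    """
    not_after = PINS.get(fingerprint(der))
    if not_after is None:
        return ("unpinned", None)      # never encrypt a PID block to this key
    if today > not_after:
        return ("expired", not_after)
    if not_after - today <= timedelta(days=warn_days):
        return ("expiring", not_after)  # still usable, but raise an alert
    return ("ok", not_after)


def select_cert(candidates, today: date) -> bytes:
    """Pick the pinned, unexpired candidate with the latest expiry."""
    usable = []
    for der in candidates:
        status, not_after = check_fetched_cert(der, today)
        if status in ("ok", "expiring"):
            usable.append((not_after, der))
    if not usable:
        raise ValueError("no pinned, unexpired PID encryption certificate")
    return max(usable, key=lambda item: item[0])[1]
```

Shipping the next certificate's fingerprint ahead of the changeover lets the service move to it without a forced update on the expiry date; a certificate whose fingerprint was never shipped is still rejected.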