On Friday morning, April 21st, 2006, AIS will install a new SSL digital certificate on its ISIS servers. This new certificate is being issued from GeoTrust as opposed to Verisign. We do not expect any interruption to ISIS service during this update.

To ISIS enabled applications support teams:

Because we are using a new certificate by a different certificate authority, please verify that your application (specifically, the framework your application uses to make SSL-encrypted web service calls) trusts the GeoTrust root certificate (yes, it says it’s an Equifax cert. GeoTrust aquired Equifax a while ago.):

Equifax Secure Global eBusiness CA-1
Organization:Equifax Secure Inc.
Country: US
Serial Number: 01
Validity Period: Mon Jun 21, 1999 to Sun Jun 21, 2020 (GMT)
Certificate Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
Certificate Fingerprint (SHA-1):
7e:78:4a:10:1c:82:65:cc:2d:e1:f1:6d:47:b4:40:ca:d9:0a:19:45
Key Length: 1024

Most modern development framework in the market today already trust this GeoTrust root certificate, which means you shound not need to ake any action.

At this point, we are aware of only one exception: Java runtimes older than 1.4.2_02 do not automatically turst this Geotrust root certificate. If you are calling ISIS web service from a Java application running on a runtime older than 1.4.2_02, you have 2 options:

1. Update your version of Java to at least 1.4.2_02
2. Import the GeoTrust root certificate manually.

If you choose to import the root certificate, use the following command to import the GeoTrust root certificate:

keytool -import -trustcacerts -file [/path/to/esgb.pem] -keystore 
[/path/to/CACERTS]

The reference for the java keytool utility can be found at:

http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html

The root certificate is available here .