Telia offers certificate services in following countries:
| Sweden | Finland | Norway | Estonia | Lithuania | Denmark |
CERTIFICATE SERVICE CONTACT
NEWS
--
A CHANGE IN TELIA CA HIERARCHY
Telia CA has updated its CA hierarchy related to publicly trusted TLS and Client certificates on Oct 1st, 2022. This change was done to provide to Telia CA customers new CA hierarchy, new Telia names and URLs, longer validity times and the most recent certificate profiles.
The old Telia Root (TeliaSonera Root CA v1) is already 15 years old but it is still functional and safe for a long time. All old already delivered Telia certificates can be used until they naturally expire.
From October 1st, 2022 all new Telia TLS certificates will be issued by a new Telia Server CA v3 (OV) or Telia Domain Validation CA v3 (DV) and from November 1st 2022 all new Telia Client certificates will be issued by a new Telia Class 1 CA v3 (FI) or Telia Class 2 CA v3 (SE).
CHANGE IN TLS CERTIFICATES
All new Subscriber Certificate deliveries contain the new CA hierarchy as illustrated below:
| TeliaSonera Root CA v1 | → | Telia Root CA v2* | → | Telia subCA v3 | → | End-Entity certificate |
* cross-certified by Telia’s old root
Alternatively Customer may choose to use the hierarchy below, remembering as a prerequisite that the new hierarchy may only be available in the recent versions of operating system’s / browser’s root storages. Telia’s root Certificate Authority ”Telia Root CA v2” has been included in operating systems / browsers less than one (1) year. For older Operating systems / Browser versions the trust is more likely guaranteed by using above Telia CA hierarchy.
| Telia Root CA v2 | → | Telia subCA v3 | → | End-Entity certificate |
In the most TLS cases it is not essential to put the correct CA hierarchy to Customer devices but in some cases (Android, Java, Apple) there may appear trust issues if the CA hierarchy is not according to information above. Telia CA recommends that configuration is always tested after TLS certificate installation by using special tools for that purpose (for example SSLLabs SSLTest). That will guarantee that Customer installation has been done correctly and trust will work.
CHANGE IN CLIENT CERTIFICATES
In Client installation the delivered PKCS#12 package will always include the correct CA hierarchy, but devices that will verify Clients have to be updated manually to accept the new hierarchy and certificate status.
New certificates are available for download at Telia CA Repository.
A CHANGE IN FILE VALIDATION WHEN A DOMAIN CONTAINS AN *
CA / Browser Forum will change Domain Control File Validation rules. Domain names containing a wildcard character * (example: *.domain.com) cannot be validated using file method after December 1st, 2021. Please use DNS, email or phone method for these domain validations.