NOTICE DATE: August 7, 2014
NOTICE TYPE: M-B071614-05 General
SHORT DESCRIPTION: Reminder - ERCOT will upgrade Client Digital Certificates required for secure access to ERCOT websites from 1024 bit to 2048-bit encryption
INTENDED AUDIENCE: ERCOT Market Participants
DAY AFFECTED: August 17, 2014
LONG DESCRIPTION: Beginning August 17, 2014, ERCOT is upgrading all Client Digital Certificates issued to Market Participants for access to secure ERCOT websites from 1024 bit to 2048-bit RSA keys utilizing
the 2048-bit RSA private Root Certification Authorities. See additional detail in Market Notice M-B071614-01 below.
CONTACT: If you have any questions, please contact your ERCOT Account Manager. You may also call the general ERCOT Client Services phone number at (512) 248-3900 or contact ERCOT Client Services via email
at [log in to unmask].
If you are receiving email from an ERCOT distribution list that you no longer wish to receive, please follow this link in order to unsubscribe from this list:
http://lists.ercot.com.
mm
NOTICE DATE: July 16, 2014
NOTICE TYPE: M-B071614-01 General
SHORT DESCRIPTION: ERCOT will upgrade Client Digital Certificates required for secure access to ERCOT websites from 1024 bit to 2048-bit encryption
INTENDED AUDIENCE: ERCOT Market Participants
DAY AFFECTED: August 17, 2014
LONG DESCRIPTION: To meet the requirements of
National Institute of Standards and Technology (NIST) Special Publication 800-131A (Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key
Lengths), ERCOT is upgrading all Client Digital Certificates issued to Market Participants for access to secure ERCOT websites from 1024 bit to 2048-bit RSA keys utilizing the 2048-bit RSA private Root Certification Authorities.
Beginning August 17, 2014, ERCOT will use the new 2048-bit RSA Private Root configuration when issuing all new (and renewed) Client Digital Certificates required to access secure ERCOT websites. Market Participants will NOT be required
to revoke and reissue existing Client Digital Certificates after the upgrade. All existing 1024-bit Client Digital Certificates will continue to function until their expiration.
All Market Participants will need to install the new Client Digital Certificate root certificates in addition to the existing root certificates. The two attached documents are provided as sample instructions for system administrators who
will need to install the new root certificates prior to August 17, 2014.
The required Client Root Certificates listed below are available for download at the
Root Certificates and Public Keys page of the ERCOT website:
·
For access to production environments
o
ERCOT_CA.cer (ERCOT’s Production Client Root Certificate)
·
For access to the Market Operations Test Environment (MOTE)
o
ERCOT_TEST_CA.cer (ERCOT’s TEST Client Root Certificate)
Additional Market Notices will be sent with details on market-wide WebEx workshops to discuss the upgrade.
ADDITIONAL INFORMATION: The ERCOT Market Operations Test Environment (MOTE) will be available on July 28 for market testing of the 2048-bit certificates prior to the production cutover. The MOTE environment
can be accessed with the following URLs:
https://testingapi.ercot.com/2007-08/Nodal/eEDS/EWS/.
Failure to install the new root certificates by August 17, 2014, will result in the inability for new Certificates to be installed in browsers when requested. This will affect the ability to connect to any ERCOT secured website after the
existing certificates expire.
For browser users, root certificates will need to be installed into the trusted root certificate store at the workstation level. This can be done through the Microsoft Management Console (MMC) by system administrators. System administrators
may also utilize Group Policy Objects (GPO) within Active Directory to push root certificates to all systems that may currently or potentially access ERCOT secured websites via a Client Digital Certificate. Sample instructions are attached to this notice.
For Windows based .NET API applications, root certificates will need to be installed into the trusted root certificate store at the server level. This can be done through the Microsoft Management Console (MMC). An application restart
is suggested to recognize the new certificate.
For Windows based Java API applications, root certificates will need to be converted based on specific application requirements, and installed into the application’s local trusted root certificate store. An application restart is
suggested to recognize the new certificate.
For UNIX based systems, root certificates will need to be converted based on specific application requirements, and installed into the application’s local trusted root certificate store.
CONTACT: If you have any questions, please contact your ERCOT Account Manager. You may also call the general ERCOT Client Services phone number at (512) 248-3900 or contact ERCOT Client Services via email
at [log in to unmask].
If you are receiving email from an ERCOT distribution list that you no longer wish to receive, please follow this link in order to unsubscribe from this list:
http://lists.ercot.com.
sa