skip to primary navigationskip to content
 

Lookup root certificate change in January 2019

last modified Oct 31, 2018 04:39 PM
The current SSL certificates for the University Lookup service will be replaced a few days before they expire in January 2019. Users of the Lookup web service API may need to take action to prepare for this change.

The current SSL certificates for the University Lookup service and its associated web service API expire on 26 January 2019, and will be renewed a few days prior to that. The new certificates will be signed by a different root certificate, which may cause problems for some API users if the new root certificate is not installed on your systems. This should not affect normal use of Lookup in web browsers, or via LDAP.

The new root certificate will be the "QuoVadis Root CA 2 G3" certificate, rather
than the old "QuoVadis Root CA 2" certificate. The certificates on the test
instance of Lookup
have already been updated, so you can use this for testing.

The advice for API users varies by environment:

  • If you're using the Python or PHP client libraries supplied by the UIS, you may need to upgrade to the latest versions, which include the new root certificate. See the links at the top of https://www.lookup.cam.ac.uk/doc/ws-doc/.

  • If you're using the Java client and are running a reasonably up-to-date version of Java (e.g., Oracle Java >= 8u91), you shouldn't need to do anything because the new root certificate is included by default in modern Java releases.

  • If you're running an older version of Java, you'll need to either update to a more modern Java (preferable) or import the new root certificate into Java's Trust Store. On Linux, that involves doing something like:

    [As root]
    cd $JAVA_HOME/jre/lib/security/
    keytool -import -trustcacerts -alias "QuoVadis Root CA 2 G3" -file
    /etc/ssl/certs/QuoVadis_Root_CA_2_G3.pem -keystore cacerts

    (quoting the default keystore password, which is "changeit")

  • If you're using the API in other environments, you may need to install the new root certificate in different ways, depending on the software that you're using, or you may find that you have nothing to do. Either way, I'd recommend testing it now.

I expect to deploy the new certificates during the week starting Monday 21
January 2019. I would strongly recommend testing against lookup-test before
then, even if you don't think anything needs changing.

If you have any queries, feel free to contact me at .

Phone transparent  Service status line: (01223) 463085
Website transparent  Sign up for SMS/email status alerts

Getting help


UIS Service Desk
General support queries

  Phone transparent  (01223 7) 62999

UAS Service Desk
Administrative staff queries

  Phone transparent  (01223 3) 32999


Other IT service desks