ORC ECA final phase of SHA-256 migration

ORC ECA final phase of SHA-256 migration

Posted on Friday, October 7th, 2016

As part of the DoD’s transition to SHA-256, WidePoint (formerly ORC) will begin the final phase of migrating our ECA offerings to SHA-256 in October.  Beginning October 12, all new person certificate requests will be from the new ORC SHA-256 ECA Certificate Authority, ORC ECA 6.  To ensure that we maintain compliance with DoD ECA Certificate Policy, no SHA-1 ECA certificate that expires after November 11, 2016 will be renewed.  All requests will be new requests requiring Identity verification.  This may require new smart cards/crypto-tokens for Medium-Token Assurance and Medium-Hardware Assurance certificate users.

This is all part of the DoD’s transition to SHA-256 this year.  In January 2016, DoD required that all new ECA SSL/server certificates be issued with SHA-256.  In July, the DoD began issuing SHA-256 CACs and has ceased issuance of SHA-1 CACs.

In preparation for this transition, our site (https://eca.orc.com) has had the new SHA-256 ECA Root certificate and ORC ECA Intermediate certificate posted on our Trust CA’s page for most of the year.  DoD resources (like the DoD’s InstallRoot tool) have had the SHA-256 DoD and ECA PKI trust paths indicated for even longer.

What is not different:

What is different:

Frequently Asked Questions