Subject: Administrative: Update #2 Product Distribution and Access This is a multi-part message in MIME format. --Boundary_(ID_z4ncLIdxxvOrdxeOTnMGrg) Content-type: multipart/alternative; boundary="Boundary_(ID_r1o3I6Vcm40wOcoqeJe1sg)" --Boundary_(ID_r1o3I6Vcm40wOcoqeJe1sg) Content-type: text/plain; charset=utf-8; format=flowed Content-transfer-encoding: 7BIT *Update #2* - CBU certificate updates are complete. If you are a PDA pull user who is unsure if this would affect you, you should try your CBU connection now. If you can not connect with your automated scripts, a manual connect will identify if it is a certificate issue. *Update #1 - *We are pursuing a critical weather day waiver for this this activity. We plan to update certificates today August 29 at CBU (backup site) between 14 and 19Z. We plan to update certificates in OPS tomorrow August 30 between 14 and 17Z. * Topic: *PDA certificate are expiring -- Action Required NLT August 28 to avoid data loss *Date/Time**Issued: *August 29, 2017 1820Z *Product(s) or Data Impacted:*All products from the Product Distribution and Access (PDA) system as well as access to User Portal *Date/Time of Initial Impact:*August 29, 2017 1400Z *Date/Time of Expected End:*Ongoing *Length of Event**:* Ongoing ** *Details/Specifics of Change:* * * PDA Users -- *DO NOT DELETE THIS MESSAGE WITHOUT CONFIRMING WITH YOUR SYSTEM ADMIN AND NETWORK SUPPORT TEAM * With the expiration of DOD CA-27 on September 8, 2017, a majority of ESPDS/PDA X.509 certificates must be replaced before then. The new certificates will be signed by DOD Root CA 3 and have intermediate certificates of DOD ID SW CA-37 and DOD ID SW CA-38. This affects all ESPDS/PDA interfaces that use FTP-S and/or HTTPS, including the User Portal and Web Services. If your systems perform CA checking, please ensure these are installed on your systems prior to ESPDS/PDA deploying updated certificates.By default, most HTTPS and FTPS clients verify certificates (i.e., if your systems pull from or push to ESPDS/PDA).While most servers (i.e., ESPDS/PDA pushes data to your system or pulls data from it) do not verify client certificates, some, especially in DoD, do. ESPDS/PDA plan to update certificates on Tue 29 August 2017, with the 30th or 31st as backup in the event of critical weather.All affected interfaces need to install the certificates for DOD Root CA 3 and Intermediate CA-37 and CA-38 NLT than Mon 28 August 2017 to avoid data loss.*/A/**/dd /**/the new CAs /**/but do not remove /**/DoD CA-27; removing CA-27 before ESPDS/PDA deploys the new certificates could result in data loss./**//* A fallback if you cannot install the new CAs by 28 August is to disable certificate verification in your systems. Attached are the 3 CAs pertaining to ESPDS/PDA. Alternatively you can install a super set of all of the latest DOD Roots via https:// www.militarycac.com/dodcerts. If you are directly checking the public portion of the PDA certs for authentication (should pertain only to GOES-R, JPSS, CLASS, and AWIPS DD, who are being connected separately), please reach out to Greg.Kihm@noaa.gov , Dennis.Wick@noaa.gov or Jennifer.Holmes@noaa.gov, who can provide the correct versions to you or if you have any questions. * Contact Information for Further Information:* ESPC Operations at ESPCOperations@noaa.gov and 301-817-3880 *Web Site(s) for applicable information:* N/A* * This message was sent by ESPC.Notification@noaa.gov. You have been sent this and other notifications because you have opted in to receive it. If for any reason, you wish to unsubscribe, please contact ESPC Help Desk at ESPCOperations@noaa.gov or (301) 817-3880. Please note: it may take up to two business days to process your unsubscribe request. -- Donna P. McNamara Data Access Manager - NOAA/NESDIS/OSPO/MOD/Systems Branch (301)817-3803 I am often away from my desk, so please copyPDA_DHS@noaa.gov on all routine PDA inquiries. Always send operational emergencies toESPCOperations@noaa.gov. Include your user ID and exact information about products/files in question. --Boundary_(ID_r1o3I6Vcm40wOcoqeJe1sg) Content-type: text/html; charset=utf-8 Content-transfer-encoding: 8BIT
Update #2 - CBU certificate updates are complete.  If you are a PDA pull user who is unsure if this would affect you, you should try your CBU connection now.  If you can not connect with your automated scripts, a manual connect will identify if it is a certificate issue. 

Update #1 - We are pursuing a critical weather day waiver for this this activity.  We plan to update certificates today August 29 at CBU (backup site) between 14 and 19Z.  We plan to update certificates in OPS tomorrow August 30 between 14 and 17Z. 

Topic: PDA certificate are expiring -- Action Required NLT August 28 to avoid data loss

Date/Time Issued: August 29, 2017 1820Z

Product(s) or Data Impacted: All products from the Product Distribution and Access (PDA) system as well as access to User Portal

Date/Time of Initial Impact: August 29, 2017 1400Z

Date/Time of Expected End: Ongoing

Length of Event: Ongoing

Details/Specifics of Change:

PDA Users -- DO NOT DELETE THIS MESSAGE WITHOUT CONFIRMING WITH YOUR SYSTEM ADMIN AND NETWORK SUPPORT TEAM

With the expiration of DOD CA-27 ESPDS/PDA X.509 certificates must be replaced before then. The new certificates will be signed by DOD Root CA 3 and have intermediate certificates of DOD ID SW CA-37 and DOD ID SW CA-38.  This affects all ESPDS/PDA interfaces that use FTP-S and/or HTTPS, including the User Portal and Web Services.

If your systems perform CA checking, systems prior to ESPDS/PDA deploying updated certificates.   By default, most HTTPS and FTPS clients verify certificates (i.e., if your systems pull from or push to ESPDS/PDA).  While most servers (i.e., ESPDS/PDA pushes data to your system or pulls data from it) do not verify client certificates, some, especially in DoD, do.

ESPDS/PDA plan to update certificates on Tue 29 August 2017, with the 30th or 31st as backup in the event of critical weather.    Add the new CAs but do not remove DoD CA-27; removing CA-27 before ESPDS/PDA deploys the new certificates could result in data loss.  A fallback if you cannot install the new CAs by 28 August is to disable certificate verification in your systems.

Attached are the 3 CAs pertaining to ESPDS/PDA.  Alternatively you can install a super set of all of the latest DOD Roots via https://www.militarycac.com/dodcerts.

If you are directly checking the public portion of the PDA certs for authentication (should pertain only to GOES-R, JPSS, CLASS, and AWIPS DD, who are being connected separately), please reach out to Greg.Kihm@noaa.gov , Dennis.Wick@noaa.gov or Jennifer.Holmes@noaa.gov, who can provide the correct versions to you or if you have any questions.
Contact Information for Further Information: ESPC Operations at ESPCOperations@noaa.gov and 301-817-3880

Web Site(s) for applicable information: N/A
 This message was sent by ESPC.Notification@noaa.gov. You have been sent this and other notifications because you have opted in to receive it. If for any reason, you wish to unsubscribe, please contact ESPC Help Desk at ESPCOperations@noaa.gov or (301) 817-3880. Please note: it may take up to two business days to process your unsubscribe request. 


--
Donna P. McNamara
Data Access Manager - NOAA/NESDIS/OSPO/MOD/Systems Branch
(301)817-3803
I am often away from my desk, so please
copy PDA_DHS@noaa.gov on all routine
PDA inquiries.
Always send operational emergencies
to ESPCOperations@noaa.gov.
Include your user ID and exact information about products/files in
question.
--Boundary_(ID_r1o3I6Vcm40wOcoqeJe1sg)-- --Boundary_(ID_z4ncLIdxxvOrdxeOTnMGrg) Content-type: application/x-zip-compressed; name="New CAs.zip" Content-transfer-encoding: base64 Content-disposition: attachment; filename="New CAs.zip" UEsDBBQAAAAIAGxRa0jEtXuFvAMAAP4EAAAkAAAARG9EX1Jvb3RfQ0FfM19fMDFfX0RvRF9S b290X0NBXzMuY2VybVRbz6o4FH0n4T/MuzkRvCA+zENLC3IpWuQivglqEbmoCEV+/cHvJJPM ZJrspNlt116ra2f/+jUuiA3T/UvDnm/qpgZ8/E3+EgVimigdNA0ULQPchICN4QMXsvszu9+M NZcgoI0OEEwIbbhGYxRSamBuhcGA4xEBxgaQA6xlZBful75zg5tkfizScvk+RkuJUM419vPK wdzFiUR7hIANmRtC0PiiAGTo7H0cEUh/kEBPXM9YY1O3umROGZUwIwO46FzqSQ6GMfotojMX 6acx9xGFrY8/441/skRvem0A1p8asQ+K0Cce4/ofHjbm69ApSGvic3cuwxEhKeUiqf7NDEhe 5yFMCKj/KOwJCvDbIl7MdfCDhDCXv4qYKATlujtrENH9yNA0oZn/9xexDsBWA1QF33ON2eMe g+eFB2n9qkVhP9fyWQZQZierxxC7dv7Y6y+V66FtwCBlg/Ish8MBH41Vp0Yg//BHSW1F+hjs CXT9i+BfH5FvuUXSI2tSgNyv6ZDtVdrfssl5RZaLcJbKi9i4uUnnq1e1nblGypEUaPdcSUcV 4M6rqLrP1k8yN+MFiFgcfd5uWJRqbyfvD2q6217ffGR0ubvnY7fKLkNDTy+tLw1Fc99jP3hN fTEO+ry09h3R18pEYYeQ4snKceyVmYeWofk7bdpWHthyjr0YVgdyeNXFFRmVaouCk8jT9jzA MkEmnFCS5adgews6tZqXxcCTwtkfIppY25Y6s8vrMUXvwTWm6+Uyv6vKRhOFu66ma19t5b7y r9xEgAJYSyanCJy/7m7oAuuMBon5DOrq0rONeWaHOnp2TjqUSSsKXgo4+naLJ+0A3UxH+xBg hkGA+u2FM+YYTjnVCSAQXFWOaGzZ9dHMutQdXXVEAVKAGMMQWOv+QbRZ8bYBVaCpeOsZ3FX6 zpZLQ8/yUt3OFONmZ+FDO2a2JLUn57aZbERhbeXyk8TWx5tyB04b9sqlR5AuuE9ec6mflK+F o602Dpr31IZod6tnNyV5Ntn7GjRH9yoKZj2JYOJt0SbyrufdZ7n0tQJ6M3+hkmevbSJk63Ae GZi9L0qxlbQmI5llXpVJBrP8o4wc8BLu33oT4TPki+NJbVcP9cEq1tat+04WsFA09QT3d4la 7dt+GOEjrpXsbBry7rhjXBSyvqVYusEhfdKez6FssWnemdtwxgZcK0ct2fDlLqZrlHz2yfxZ D7kZ3nHOlq9r7TWyKFy3zZQmOzmRGuXwXHb3+SmWOuNYBQecV+bfovAzzLCL/mfA/QZQSwME FAAAAAgAbVFrSGw2ZrHEBAAAmgYAACYAAABEb0RfUm9vdF9DQV8zX18xMl9fRE9EX0lEX1NX X0NBLTM3LmNlcm2Vy7KqOBSG51b5Dj3fdUoQbwwTEgJIUO7gTEADAqKgRnj6xr1PdZ3uaiap Wkm+/GvlX+TXr/GDmOjWXwp2PF3VFeDhT/DXdEJ1HTdIUcCiYIDrEDAd4guwICvveVkQmQsQ 2J0KEEyo3XHFjlFg2wRzI/AHHI8EGBMg+ljJ6T5wl55ZQC2RDlVaLx+HcClQm3OFfe8yMbdw IthvhMAWMiuAoPOmEyBC0/VwSKH9TQJvajlExrpqvBLJZraAGR3ASeXC2/LAkl7oOOoDRcFx jPWjhv9EqSq8lQEYP2fEHqgCjzqMqz86tpjLgVnRp46zV1YHIyGpxSq5/lsZEJyXgzCloPnJ 8E2Rjx/GHyQ0krAn2Gw6cX2b+WL6UfugQ8oZwwUFAlHcO3H1REI2HivpA7DQIeLgM78FzVhx W+na67aYTu7n0I9f8LC8NdaS0N3q3jyqdWQsCDmzWdVuiluyT1nspnyjmVH7PpahwMHXE5dS XB5n08ksOfvsUZjKvZ3PXBoHunuJio5VQPOLrXi7RtUKWIakkmhxKho5ypJXcY4uKX0uVnNP mk6i5gDSJOFlub4syXy/eBrXzSafk/rWxsZw2lumIm16yoqFSp1un+ZBfIsk9V3OeYR3Yx3y /uTGr+cpCncDfmCk4L591vZbO4fSrn0KycpovQO9DY9ddfQy+cq2Zqun22OEe/JoL9NJpTQl rD1gpqv3td/WvnVeOLJeN19VkHBX71NyPe13XmukqeP5yaE7R516QkKlh+SqjZ5seSdy+X1s X7q1JrUMGIUAkAtjajs6Hh4GcP7csuZSTBAIGXS64uYW2ZqANJ/D6eSUH++bx7A7PJcqRyD7 Xm0vsMpsXy2cL7mX4Hqpz16ldw3U9W2Wn1abFebo4wtH2I+utrXZeLkIMEIo5h8HZTpwVIop V3hsxPpBB6GvjN1VUtARJVSIC9QKMGwaAzCnE8gqlpcMHmwdKn0zyoi3v3eNVIyQByhkt99r 6EiiDoX690mY4zGLGbd1CmIIzptxFnwIH3UlBD4HCwABAtJ3Zs4GUwSeVOnZ9g6avDg0mebw 6WRXbF6xZHRm7dzSOX4mYdWZc6tPlI/vHdcTZH90/GDWYwzBDjLWQoZVaKdj8s7oB6ou+I7F +pbHENq+RsGWmHUuZBpYmb18SWv+PJBqiN3l4xjy1zGyhiwMyoxsXg6W8XTil/I+wBakomwE ypJbc8p18CeREJX8Qxz1WvxPvaOG//Shwn/6ENjwgJy4F5r9V4+kXYHuVKqKHWMI3Y0iQ255 r/d0rOTt7Zly0UcKuLvLnZ8PW3s+szbMiYed2KwNS7+fhnX55BdRMwRTkxeX5NLT66sNA2lR 59NJLe6GhIj9bLNRX/nJjkxWZV+PS3N5x0GO20Ql2vVN91yMhOCWOF7YgvT0qM7U2mZ874+O 0kSCzmqdDk/3fOf3Q3q8MeNYyTCkutEokSZ2/k6LajZbHa/RW8wkYafJhRcHwqNZr6aTRvPY ao/5+srfFmIkDZiJgh6B3rudbeWcB4uza+pyirxucQWC6zOfHQUxm+eie1u004mwf5TdxdAt o4pfJmMvJ3ym+ow2pcmX6qr+4itofT2+SsyYeV2Nf/fvhwZb6H8en78BUEsDBBQAAgAIAA+C wUq+fwlL2wMAAKQEAAALAAAAZG9kY2EzOC5jZXIzaGJZYNDE3LGAmYmRiYlR2ICXjVOrzaPt Oy8jIzcrg0G0IbcBJxtzKAubMFNosKGEgRiIwyXMH6oXrKfgnl+WWpSXm5pXYshjwAWS4RZm dsl3QeIFeHsaihmIgHjMwrxAOYWg/PwSBWdHBWMDOXFeQ1MDSyNjQ1MjE1PDKHFeI0MkrkEs NSyH6mIW5nfxd1HwdFEIDgfarmtsYdDEqITsXUZWBuYmRn4GoDgXUxMjI8OZ7bw9znlyzSuP vJO/GXOi90LK8flqbwsfqCbl+c54OtPc6uu/s9uY7kaZFwd1RVf6JzOs3sRp8fjqqisW1ceU 93PeNIp/3+Y389Eehorfiusvvp/ynikududb4e877rM3CgSeUihWk7VxPrpPbtvvt8XqF3Tu Ou+ou/zCs/eOYK+CguzHg1kMrEqaEayOb9e+5jSR+zz5x73SRXr712T4OeVu1Z/iqdr5PSRr fkQ+4/S7D8s+VGo12VwMj81+V9JkzTvf7W7Ephmqr2Im3NQs3dfh3FrNZqsd4DOnv9cy/pXV 3+/POtbatk9cVcTXyTn1wtyGNWoakV80d13Rk7Gbcbq82MfjV0ngX87d05mYGRkYFzcxZgND JN1AHhiKssoswOBsEMnpmrKofGNDkWxjldiqT3fOpb1zPWAgC1LAxyLGItJ3dOeZP+f6grdo nXshqHV+tmZO+ikDPpA0PyPjfxYWYFprM/AB8RVYXA2cDbjZOBPaPBhTmRi5VZA56sgcLQMe Ni4wB6idmReFJ2ggBDJNGGQ6hwEbkGJiZACqAIqpsLAaMDcAeeYgnjyLgYGegc4CrQUabWoZ JSUFVvr6yUU5eimZxYl6uZk5II4+MJ0E+fuHODsa6wG5BjlsHNpsjKys7IyMLAkGcQZWML4B U5seNjMyi4tLU1NK8pEMivcM0SswTzZQgOtlbBOB6s1PLi6Aa0bLf8ygdLhQd5nb1oly+7Yk PpLpWa/DUfGptP10jfa+Xb6mjB/YzE7PP7goUENeaLKVtjWrlOo6FdeN6/hDQoUUS3UkebKZ M2qWrtW/pfVawHfR0Ym97bMuxVY4/fR20DGssQudssf+zNWkc4q5u982XngwOdkozk9IWjus xzO9yPzmlmMf3DIFLBtzg9+wNAfWRyqz3tt7dN+TyesO1zrqPPyq7FPibPkz9P556fh86/f/ r2QwnK8z7HrF73C0f9/S/z8KV/7nk0lU77VbsKLZPD9q2Ru1ilv3mfSbVuzPE3vX6S0yReLN jhSjA/sSBGSSrNa/nMh6ek/w/8KdyzQnvFdmajg7f8+kB7VCPl7Mi3ZdBABQSwECFAAUAAAA CABsUWtIxLV7hbwDAAD+BAAAJAAAAAAAAAABACAAAAAAAAAARG9EX1Jvb3RfQ0FfM19fMDFf X0RvRF9Sb290X0NBXzMuY2VyUEsBAhQAFAAAAAgAbVFrSGw2ZrHEBAAAmgYAACYAAAAAAAAA AQAgAAAA/gMAAERvRF9Sb290X0NBXzNfXzEyX19ET0RfSURfU1dfQ0EtMzcuY2VyUEsBAhQA FAACAAgAD4LBSr5/CUvbAwAApAQAAAsAJAAAAAAAAAAgAAAABgkAAGRvZGNhMzguY2VyCgAg AAAAAAABABgAkAhB9BPb0gHgFjL/E9vSAeAWMv8T29IBUEsFBgAAAAADAAMAAwEAAAoNAAAA AA== --Boundary_(ID_z4ncLIdxxvOrdxeOTnMGrg)--