[cabfpub] Help to support SHA-1 for POS terminals

Doug Beattie doug.beattie at globalsign.com
Thu Apr 7 13:45:46 UTC 2016

Hi Dean,


Unfortunately GlobalSign does not have any roots we can pull from the
current root program, thus the request.




From: Dean Coclin [mailto:Dean_Coclin at symantec.com] 
Sent: Thursday, April 7, 2016 9:12 AM
To: Doug Beattie <doug.beattie at globalsign.com>; public at cabforum.org
Subject: RE: Help to support SHA-1 for POS terminals


Do you know which roots the terminals support? We’ve had good success by
using roots removed from browsers but still exist in terminals.



From: public-bounces at cabforum.org <mailto:public-bounces at cabforum.org>
[mailto:public-bounces at cabforum.org] On Behalf Of Doug Beattie
Sent: Thursday, April 07, 2016 6:48 AM
To: public at cabforum.org <mailto:public at cabforum.org> 
Subject: [cabfpub] Help to support SHA-1 for POS terminals


Per related posts on this topic, I’m forwarding an email from one of our
customers for a request to issue them 2 SHA-1 SSL certificates which will
allow them to continuing POS terminals  until they complete their SHA-2
migration later this year.


GlobalSign would like approval to issue 2 SHA-1 SSL certificates to the
domains below which would expire before 1/1/2017 and which would have 20
bits of entropy in the serial number field.






From: SERGIO EDUARDO SOLARI ANGELO <ssolari at bpd.com.do
<mailto:ssolari at bpd.com.do> >
Sent: Wednesday, April 6, 2016 6:37:34 PM
To: Doug Beattie; Laila Robak
Cc: vgonzalez at seguridadamerica.com <mailto:vgonzalez at seguridadamerica.com> 
Subject: Help to support SHA-1 


Dear Sirs. 


We would like to present the following situation for your consideration. 


Since February 7th 2016 we have established a relationship with Seguridad
America a representative of Global Sign. Our previous CA was Symantec
Verisign represented by Cert Superior and we were issued a certificate that
supports SHA-1 and they failed to inform us that this protocol had a


We urgently need your consideration for the issuance of a certificate that
can support SHA-1. If not, we would be under serious risk of losing
operations in an estimated 13,000 POS terminals which operate under our
current “stand-alone” platform which would require nationwide onsite visits
for software upgrades and in some cases hardware replacement which would
need to undergo a purchasing process. 


Based on previous explanation, we request your consideration and your
assistance in this urgent matter. We would require 2 certificates that
support SHA-1 for the rest of calendar year 2016, while we continue the
acquisition and deployment of the terminals. We estimate that this process
would conclude by November.


It’s very critical for Banco Popular to get the certificates that support
SHA-1 in order to avoid important financial loss and affect thousands of
Customers that we serve. 


The expiration date of the two certificates of Production is May 22nd 2016. 

The domains of the certificates are:




We highly appreciate your consideration of this matter and thank you in
advance for any assistance you may be able to provide given that we had no
knowledge of this situation and therefore the scope of its impact.


Our Best Regards 


Sergio E. Solari A.

Technology Executive Vice president





- Este mensaje y sus anexos pueden contener información confidencial y
privilegiada con la intención de que sea utilizada por las personas u
organizaciones a quienes esta dirigida, por lo que su uso es exclusivo para
su destinatario. Si usted ha recibido este mensaje por error, favor de
eliminarlo e informar al remitente del mensaje a través de un correo de
respuesta. Si este es el caso, le notificamos que queda estrictamente
prohibida la distribución o reproducción de este e-mail y/o sus anexos.
Grupo Popular no se hace responsable de las opiniones vertidas en esta
comunicación que no estén acordes con su quehacer y fines, y que no se
revistan de un carácter oficial. 

- This message and its enclosures may contain confidential and privileged
information intended for the use of people and organizations to which it is
directed and its use is thus limited to its addressee. If you have received
this message by mistake, please eliminate it and inform the sender through a
reply message. Should this be the case, you are advised that the
distribution or reproduction of this e-mail and/or any attachments contained
herein is strictly forbidden. Grupo Popular is not liable for opinions
expressed in this message which may not coincide with its responsibilities
and purpose and which may not express official matters. 

Grupo Popular. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160407/09f6eabb/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 12050 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160407/09f6eabb/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4289 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160407/09f6eabb/attachment-0001.p7s>

More information about the Public mailing list