My Health Record B2B and Mobile Gateway SSL Certificate Renewal - Production Environment
The My Health Record System Operator advises there will be a planned upgrade to the My Health Record system Production environment on Thursday 11 February from 9:30 AM – 2:00 PM. All functionality of the Production environment will remain available.
During this planned upgrade, there will be a My Health Record B2B and Mobile Gateway SSL Certificate update to the Production My Health Record system certificates below:
The Intermediate CA is also changing from ‘DigiCert SHA2 Secure Server CA’ to ‘DigiCert TLS RSA SHA256 2020 CA1’.
ACTION IS REQUIRED before Wednesday, 10 February 2021 by vendors of software that connect to the My Health Record Production environment to ensure communication with the My Health Record System B2B and Mobility gateway will not be affected by the change. To assess if your software product could be impacted by the renewal of the My Health Record B2B or Mobile Gateway SSL certificate, you should clarify the following:
- Is your product explicitly configured to trust the My Health Record B2B or Mobile Gateway SSL certificates issued above?
- Is DigiCert TLS RSA SHA256 2020 CA1 absent from your trust store?
If you answered ‘YES’, you will be required to trust the renewed certificates and/or to install the new DigiCert Intermediate CA (DigiCert TLS RSA SHA256 2020 CA1) on your application server in the Trusted CA store before Wednesday, 10 February 2021. It is recommended to trust both the current and new Digicert Intermediate CA. Please contact us for the renewed certificates or for additional details.
Technical Notice of My Health Record Gateway Certificate Renewal
The Production My Health Record systems will be renewing their Secured Socket Layer (SSL) certificate. If any software vendor has chosen to implement explicit trust against an instance of the My Health Record B2B or Mobility Gateway SSL certificate, there is a risk that the SSL certificate validation flow may fail under the following situations:
- The software explicitly trusts a particular instance of the My Health Record SSL certificate; or
- My Health Record B2B or Mobility Gateway SSL certificate has been renewed but the vendor trust store has not been updated.
Which certificates are being renewed?
Details of the replacements:
Root Certificate Authority:
DigiCert Global Root CA
DigiCert SHA2 Secure Server CA will change to DigiCert TLS RSA SHA256 2020 CA1
The System Operator apologises for any inconvenience this will cause.