We just deployed new SSL certificates for some of our services. Sending e-mails via our mail server no longer requires the import of our root CA certificate beforehand, but may require a restart of your e-mail client. Internal websites (like account management and password changing) or websites which are hosted by us and don't end in .ethz.ch got new certificates signed by our new root CA certificate. To avoid annoying and irritating warnings, we recommend you import our root CA certificate into your web browser.

The new root certificate will be installed in the web browsers on our managed workstations within the next days, too.

For a long time we used so called wildcard SSL certificates for most of our web sites and services. Especially newer web browsers issued warnings about them. We recently exchanged the wildcard certificate on https://www.phys.ethz.ch/ and other websites to a new type of SSL certificate listing all websites hosted on that machine. Since today also our infrastructure servers (e.g. https://registration.phys.ethz.ch/), have such a new SSL certificate.

If you have installed our CA certificate as described in our article How to configure web browsers, the new certificates won't cause any more security warnings. If you have not installed our CA certificate in your web browser, a warning about a new unknown certificate will pop up for many of our SSL-enabled websites every time we add a new website. Because a new website means that we have to generate a new SSL certificate for the whole web server the new site is hosted on. We therefore recommend to install our CA certificate in your web browser to avoid those annoying warnings on D-PHYS websites.