CA provider from Entrust to Let's Encrypt on web gateway for WILDCARD_SSL/TLS Certificates, WC_uoguelph_ca
What is happening?
The Certificate Authority (CA) provider for WILDCARD_SSL/TLS Certificates, specifically WC_uoguelph_ca, is being migrated from Entrust to Let’s Encrypt. This change is being implemented to leverage the benefits of Let’s Encrypt, including cost-effectiveness, automation capabilities, and widespread trust. This migration will utilize an existing, tested Ansible playbook for automated certificate issuance and renewal.
Existing TLS Certificate Details
The current TLS certificate chain for *.uoguelph.ca is as follows:
depth=3: C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com EV Root Certification Authority RSA R2
depth=2: C = US, O = SSL Corporation, CN = SSL.com TLS RSA Root CA 2022
depth=1: C = US, O = SSL Corporation, CN = Entrust OV TLS Issuing RSA CA 1
depth=0: C = CA, ST = Ontario, L = Guelph, O = University of Guelph, CN = *.uoguelph.ca
Not Before: Jan 6 14:47:10 2025 GMT
Not After: Jan 6 14:57:05 2026 GMT
When will this take place?
The scheduled migration will take place on:
Date: November 12, 2025
Time: 9:00 AM ~ 12:00 PM
Which web services could this impact?
This migration will impact all web services utilizing *.uoguelph.ca domains.
What do you need to do before the scheduled migration as a service owner?
Action Required: Please verify whether your web applications need to import the root certificate from Let’s Encrypt at the backend. The specific root certificate to consider is:
depth=2: C = US, O = Internet Security Research Group, CN = ISRG Root X1
Typically, such needs exist for any server-to-server connections to endpoints behind the web gateway that use these certificates, since the Let’s Encrypt roots may not be in your application’s trust store. If you determine that you need to import the root certificate, please do so before the scheduled migration on November 12, 2025.
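One way a service owner could run the trust-store check described above is sketched here as an added example; it is not part of the original notice or of the migration playbook. It assumes the application trusts a PEM bundle file, and the names `find_root` and `load_bundle` and the sample entries are constructed for illustration.

```python
import ssl
import sys
import time

# Subject of the root named in the notice (the depth=2 line).
ISRG_ROOT_X1 = {"organizationName": "Internet Security Research Group",
                "commonName": "ISRG Root X1"}

def fields(name):
    """Flatten ssl's nested RDN tuples into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}

def find_root(ca_certs, wanted=ISRG_ROOT_X1, now=None):
    """Return usable trust anchors for `wanted` from get_ca_certs() output."""
    now = time.time() if now is None else now
    hits = []
    for cert in ca_certs:
        subject = fields(cert.get("subject", ()))
        if any(subject.get(k) != v for k, v in wanted.items()):
            continue
        # A cross-signed copy carries the same subject but another issuer;
        # only the self-signed certificate is the root itself.
        if cert.get("issuer") != cert.get("subject"):
            continue
        if ssl.cert_time_to_seconds(cert["notAfter"]) <= now:
            continue  # skip entries that have already expired
        hits.append(cert)
    return hits

def load_bundle(cafile):
    """Parse the PEM bundle an application uses as its trust store."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=cafile)
    return ctx.get_ca_certs()

def name(org, cn):
    return ((("countryName", "US"),), (("organizationName", org),), (("commonName", cn),))

# Constructed sample entries in the shape get_ca_certs() returns (dates are made up).
ISRG = name("Internet Security Research Group", "ISRG Root X1")
OTHER = name("Example Trust Services", "Example Root CA")
FAR = "Jan 15 00:00:00 2040 GMT"
SAMPLE_WITHOUT = [{"subject": OTHER, "issuer": OTHER, "notAfter": FAR},
                  {"subject": ISRG, "issuer": OTHER, "notAfter": FAR}]  # cross-signed copy
SAMPLE_WITH = SAMPLE_WITHOUT + [{"subject": ISRG, "issuer": ISRG, "notAfter": FAR}]

if __name__ == "__main__":
    certs = load_bundle(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_WITH
    sys.exit(0 if find_root(certs) else "ISRG Root X1 not in trust store: import it")
```

A subject match only shows that an entry with that name is present; before importing a root, compare its fingerprint with the value Let's Encrypt publishes.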
If you have any questions, please feel free to reach out to me directly.
Posted Nov 12, 2025 - 06:30 EST