Merge branch 'staging' into 0221-fpki-graph-update

.github/ISSUE_TEMPLATE/fpki-system-notification.md

@@ -8,16 +8,14 @@ assignees: ''
 ---
 
 notice_date: 
-change_type:  CA Certificate Issuance, CA Certificate Revocation, New CA, URI Change, System Outage 
-start_datetime: 
-end_datetime: 
-system: 
-change_description: 
+system:
+change_type:  CA Certificate Issuance, CA Certificate Revocation, New CA, URI Change, System Outage, Intent to Issue/Revoke CA Certificate
+change_description: Include start and end dates if applicable
 contact: 
-ca_certificate_hash: 
 ca_certificate_issuer: 
 ca_certificate_subject: 
-ca_cdp_uri: 
+ca_certificate_hash:
+ca_cdp_uri: Certificate Revocation List
 ca_aia_uri: 
 ca_sia_uri: 
 ca_ocsp_uri:

_data/fpkinotifications.yml

@@ -12,7 +12,6 @@
 
 #notice_date: notice date in <Month Day, Year>
 #change_type: < CA Certificate Issuance, CA Certificate Revocation, New CA, CA Termination, New URI in Certificates, OCSP Outage, CRL Outage >
-#start_datetime: start date of the change in <<Month Day, Year> HH:MM> format
 #system: <what is the system known as>
 #change_description: <detailed statement>
 #contact: <email, phone>
@@ -27,6 +26,37 @@
 # ee_cdp_uri:
 # ee_ocsp_uri:  
 
+- notice_date: February 21, 2023
+  change_type: Intent to Issue CA Certificate 
+  system: US Treasury Root CA 
+  change_description: The SSA CA will undergo a key update and a new CA certificate will be issued from the US Treasury Root CA on 03/04/2023.  The new CA key will begin to be used on 04/01/2023 to sign new end-entity certificates.
+  contact: pki_ops at fiscal.treasury dot gov
+### The following are all optional fields based on the change type
+  ca_certificate_hash: N/A
+  ca_certificate_issuer: ou=US Treasury Root CA, ou=Certification Authorities, ou=Department of the Treasury, o=U.S. Government, c=US
+  ca_certificate_subject: ou=Social Security Administration Certification Authority, ou=SSA, o=U.S. Government, c=US
+  cdp_uri: http://pki.treasury.gov/US_Treasury_Root_CA1.crl
+  aia_uri: http://pki.treasury.gov/ssaca_aia.p7c
+  sia_uri: http://pki.treasury.gov/ssaca_sia.p7c
+  ocsp_uri: N/A
+  ee_cdp_uri: https://pki.treasury.gov/SSA_CA4.crl
+  ee_ocsp_uri: http://ocsp.treasury.gov  
+
+- notice_date: February 21, 2023
+  change_type: CA Certificate Revocation
+  system: Treasury SSP
+  change_description: The Treasury Fiscal Service CA was decommissioned on February 15, 2023. 
+  contact: pki_ops at fiscal.treasury dot gov
+  ca_certificate_hash: ed3fb316118257a44ea11a493da1415beb3012d7
+  ca_certificate_issuer: OU = US Treasury Root CA, OU = Certification Authorities, OU = Department of the Treasury, O = U.S. Government, C = US
+  ca_certificate_subject: OU = Fiscal Service, OU = Department of the Treasury, O = U.S. Government, C = US
+  cdp_uri: N/A
+  aia_uri: N/A
+  sia_uri: N/A
+  ocsp_uri: N/A
+  ee_cdp_uri: N/A
+  ee_ocsp_uri: N/A
+
 - notice_date: February 10, 2023
   change_type: CA Certificate Issuance
   system: FPKI Trust Infrastructure - Federal Bridge CA G4

_fpki/7_fpki_notifications.md

@@ -72,13 +72,14 @@ The notification can also be emailed to <span>fpki</span><span>@</span><span>gsa
 Subject:  FPKI System Notification - System Name 
 
 - Notice date  
-- Change type of one of the following: CA Certificate Issuance, CA Certificate Revocation, New CA, URI Change, System Outage  
-- Change start date   
-- Change end date  
-- Change description  
+- System
+- Change type of one of the following: CA Certificate Issuance, CA Certificate Revocation, New CA, URI Change, System Outage, Intent to Issue/Revoke CA Certificate    
+- Change description: Include a start date or end date if applicable
 - Contact email  
-- If the change is a new or revoked CA certificate, include the CA Certificate hash (sha1 thumbprint), Issuer and Subject DNs  
-- If the change is a new URI, include the new CDP, AIA, SIA, or OCSP value  
+- Issuer 
+- Subject DNs  
+- If the change is a new or revoked CA certificate, include the CA Certificate hash (sha1 thumbprint), 
+- If the change is a new URI, include the new Certificate Revocation List (CRL), Certificate Bundle AIA and SIA, OCSP, EE CRL DP, and/or EE OCSP value. 
 
 
 

_fpki/tools/fpki_tools_profile_conformance.md

@@ -37,57 +37,66 @@ To better serve the FPKI community, the CPCT was transitioned from an online app
 
 # Step-by-step Instructions
 
+{% include alert-warning.html heading="Note" content="If you are an existing user of the CPCT Tool and have not used it in a while or you were sent here to reinstall the CPCT Tool, we advise that you first remove the previously installed Docker CPCT Tool container and image from Docker Desktop before downloading and installing a new version of the CPCT Tool." %}
+
+
 1. Go to [Docker Desktop](https://www.docker.com). Download and install the version compatible with your device (MacOS, Windows or Linux).
 
     <img src="{{site.baseurl}}/assets/fpki/tools/docker-website.png" alt="Docker.com Website" style="padding-left:30px;">
     <br><br>
 
-2. Once Docker Desktop has been installed successfully on your device, it will continue to run in the background and no further action will be required.
+2. Once Docker Desktop has been installed successfully, it will continue to run in the background on most systems. If you see that Docker is not running, please make sure it is running before installing the CPCT Tool in the next step.
 
     <img src="{{site.baseurl}}/assets/fpki/tools/docker_desktop.png" alt="Docker Desktop" style="padding-left:30px;">
-    <br><br>
+    <br><br>  
+
+
+3.  Next, click the link below or copy and paste it into your web browser to visit the releases page.
+
+    - Link: [https://github.com/GSA/cpct-tool/releases](https://github.com/GSA/cpct-tool/releases){:target="_blank"}{:rel="noopener noreferrer"}
+      <br><br>
 
-3. Next, copy and paste the link below in your web browser. Download the zip file of the latest released version. It can be located in the device’s Downloads folder as indicated in the screenshot below.
+4. To download the latest release, click the **Source code (zip)** link at the bottom of the page, then save to download the zip file.
 
-    - Link: [https://github.com/GSA/cpct-tool/releases](https://github.com/GSA/cpct-tool/releases)
+    <img src="{{site.baseurl}}/assets/fpki/tools/cpct-source.png" alt="Source Zip" style="padding-left:30px;">
     <br><br>
 
-4. Go to your device’s Downloads folder and copy the cpct-tool-1.x.x.zip (your version number may be different). file to your Desktop. Then, extract the folder and save it on the device Desktop for ease of use.
+5. Go to the location you downloaded the cpct-tool-1.x.x.zip (your version number may be different) file and copy it to your Desktop. Then, extract the folder to your Desktop for ease of use.
 
     <img src="{{site.baseurl}}/assets/fpki/tools/cpct-tool-zip-download.png" alt="Zipped CPCT Folder" style="padding-left:30px;">
     <br><br>
 
-5. Open the `cpct-tool-1.x.x` folder and  double click the `start.exe` file. Refer to the screenshot below.
+6. Open the `cpct-tool-1.x.x` folder and  double click the `start.exe` file. Refer to the screenshot below.
 
     <img src="{{site.baseurl}}/assets/fpki/tools/cpct-unzipped-files.png" alt="CPCT Folder Unzipped" style="padding-left:30px;">
     <br><br>
 
-6. The following window may appear, based on the device’s user settings. Click on **"More info"**.
+7. The following window may appear, based on the device’s user settings. Click on **"More info"**.
 
     <img src="{{site.baseurl}}/assets/fpki/tools/more-info.png" alt="More Info" style="padding-left:30px;">
     <br><br>
 
-7. The following window will then appear on your screen. Select the **"Run anyway"** icon.
+8. The following window will then appear on your screen. Select the **"Run anyway"** icon.
 
     <img src="{{site.baseurl}}/assets/fpki/tools/run-anyway.png" alt="Run Anyway" style="padding-left:30px;">
     <br><br>
 
-8. A Command line prompt window will open and ask whether you would like to continue, as shown in the screenshot below.
+9. A Command line prompt window will open and ask whether you would like to continue, as shown in the screenshot below.
 
     <img src="{{site.baseurl}}/assets/fpki/tools/start_install.png" alt="Start of Install" style="padding-left:30px;">
     <br><br>
 
-9. If you are ready for the CPCT to build, type “y” and hit enter at the blinking cursor. Allow the program to fully execute the build of the CPCT image in Docker Desktop. Once complete, the status message shown below will appear.
+10. If you are ready for the CPCT to build, type “y” and hit enter at the blinking cursor. Allow the program to fully execute the build of the CPCT image in Docker Desktop. Once complete, the status message shown below will appear.
 
     <img src="{{site.baseurl}}/assets/fpki/tools/end_install.png" alt="End of Install" style="padding-left:30px;">
     <br><br>
 
-10. To confirm that your image is running, check Docker Desktop to make sure you see the `cpct-tool:latest` running
+11. To confirm that your image is running, check Docker Desktop to make sure you see the `cpct-tool:latest` running
 
     <img src="{{site.baseurl}}/assets/fpki/tools/cpct-tool-docker.png" alt="cpct-tool:latest running" style="padding-left:30px;">
     <br><br>
 
-11. Arrive at the CPCT landing page. Use the CPCT application as in the past. Remember to bookmark this page for future use.
+12. Arrive at the CPCT landing page. Use the CPCT application as in the past. Remember to bookmark this page for future use.
 
     <img src="{{site.baseurl}}/assets/fpki/tools/cpct_in_browser.png" alt="The CPCT Tool Running Locally" style="padding-left:30px;">
     <br><br>
@@ -96,7 +105,7 @@ To better serve the FPKI community, the CPCT was transitioned from an online app
 
 Links to the CPCT Tool and associated support pages:
 
-- GitHub link:  [https://github.com/GSA/cpct-tool](https://github.com/GSA/cpct-tool)
-- GitHub Releases page:  [https://github.com/GSA/cpct-tool/releases](https://github.com/GSA/cpct-tool/releases)
-- GitHub Wiki page:  [https://github.com/GSA/cpct-tool/wiki](https://github.com/GSA/cpct-tool/wiki)
-- GitHub Issues page:  [https://github.com/GSA/cpct-tool/issues](https://github.com/GSA/cpct-tool/issues)
+- GitHub link:  [https://github.com/GSA/cpct-tool](https://github.com/GSA/cpct-tool){:target="_blank"}{:rel="noopener noreferrer"}
+- GitHub Releases page:  [https://github.com/GSA/cpct-tool/releases](https://github.com/GSA/cpct-tool/releases){:target="_blank"}{:rel="noopener noreferrer"}
+- GitHub Wiki page:  [https://github.com/GSA/cpct-tool/wiki](https://github.com/GSA/cpct-tool/wiki){:target="_blank"}{:rel="noopener noreferrer"}
+- GitHub Issues page:  [https://github.com/GSA/cpct-tool/issues](https://github.com/GSA/cpct-tool/issues){:target="_blank"}{:rel="noopener noreferrer"}