{"id":599,"date":"2018-02-05T15:49:43","date_gmt":"2018-02-05T15:49:43","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=599"},"modified":"2020-05-06T10:27:53","modified_gmt":"2020-05-06T17:27:53","slug":"ipv6-support-by-certificate-authorities-cas","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/","title":{"rendered":"IPv6 Support by Certificate Authorities (CAs)"},"content":{"rendered":"<p>IPv6 adoption has been growing exponentially and the protocol is now supported in all modern operating systems and by many carriers.\u00a0 It used to be that cloud service providers lacked IPv6 connectivity, but now\u00a0<a href=\"\/ipv6-coe\/amazon-web-services-is-getting-into-the-ipv6-holiday-spirit\/\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon AWS<\/a>\u00a0and\u00a0<a href=\"https:\/\/azure.microsoft.com\/en-us\/updates\/ipv6-for-azure-vms\/\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">Microsoft Azure<\/a>\u00a0have solid IPv6 connectivity and configurability.\u00a0\u00a0<a href=\"\/ipv6-coe\/using-a-content-delivery-network-to-ipv6-enable-your-site\/\" target=\"_blank\" rel=\"noopener noreferrer\">CDN providers<\/a>\u00a0have also deployed IPv6 for their accelerated and cached content.\u00a0 There are still a few areas where IPv6 support is lacking; for example, one we recently mentioned was\u00a0<a href=\"\/ipv6-coe\/geolocation-with-ipv6\/\" target=\"_blank\" rel=\"noopener noreferrer\">IPv6 geolocation<\/a>.\u00a0 Another is how many of the dominant Internet\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Certificate_authority\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">Certificate Authorities<\/a>\u00a0(CAs) have historically lacked IPv6 connectivity.\u00a0 In this article, we explore if this is still the situation or if commercial CAs have improved in their use of IPv6.<\/p>\n<h2 id=\"toc-hId--1333283241\">Importance of Certificate Authorities<\/h2>\n<p>The Internet now relies heavily on\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Transport_Layer_Security\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">Transport Layer Security<\/a>\u00a0(TLS) and\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/X.509\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">X.509<\/a>\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Public_key_certificate\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">digital certificates<\/a>\u00a0to enable web sites to use\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/HTTPS\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">HTTPS<\/a>\u00a0and encrypt traffic in transit.\u00a0 Events in recent years have raised awareness to eavesdropping and mass surveillance eroding personal privacy. As a result, there is now extensive activity in the CA realm helping facilitate a global trend to use more HTTPS and use less HTTP.\u00a0 Also, there is increased importance placed on the trust provided by these public CAs.\u00a0 Organizations who rely on these CAs are also aware of the trustworthiness of the CAs themselves given the year 2011 security breaches affecting\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/DigiNotar\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">Comodo and DigiNotar<\/a>\u00a0along with the 2012\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Trustwave_Holdings#Unrestricted_sub-CA_incident\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">Trustwave sub-CA security incident<\/a>.\u00a0 Therefore, the performance, availability, and trustworthiness of the CAs is important to everyone using their services.<\/p>\n<h2 id=\"toc-hId--445779560\">Organizations Require IPv6-Enabled CAs<\/h2>\n<p>When it comes to an organization\u2019s public-facing web services and applications, fast and reliable connectivity along with the requirement that these services function using both Internet protocol versions are a must.\u00a0 Virtually all web servers such as Apache, Nginx, and Microsoft IIS support IPv6.\u00a0 It naturally follows that organizations want their public-facing sites be reachable by the broadest array of clients\u00a0<em>and<\/em>\u00a0that those clients\u00a0<a href=\"\/ipv6-coe\/can-ipv6-really-be-faster-than-ipv4-part-1\/\" target=\"_blank\" rel=\"noopener noreferrer\">may experience better performance when using IPv6<\/a>.\u00a0 As your organization strives to ultimately run a single protocol (IPv6) and works toward operating an IPv6-only data center, you will want to be aware of all systems that are still only using the single IPv4 legacy protocol.\u00a0 If the CA does not support IPv6, then you will be unable to perform\u00a0<a href=\"\/ipv6-coe\/dns-based-authentication-of-named-entities-dane\/\" target=\"_blank\" rel=\"noopener noreferrer\">DNS-based Authentication of Named Entities<\/a>\u00a0(DANE) cross-validation of a DNS name and the certificate using solely IPv6 transport.\u00a0 Therefore, having your Internet CA use both IPv4 and IPv6 effectively is important.<\/p>\n<h2 id=\"toc-hId-441724121\">Historic Lack of IPv6 Support in CAs<\/h2>\n<p>The lack of IPv6 support by commercial Certificate Authorities has been a documented problem for many years now.\u00a0 The older research shows that many of the top CAs didn\u2019t support IPv6.\u00a0 The following is a picture from\u00a0<a href=\"https:\/\/revocation-report.x509labs.com\/#ocsp=root,crl=root,ocspRange=2013-01-15+2013-03-03,crlRange=2013-01-15+2013-03-01\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">research performed by x509labs.com back in 2013<\/a>\u00a0(unfortunately, their site doesn\u2019t exist anymore).\u00a0 From this chart we can see that only a few CAs supported IPv6 a mere four years ago.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-601\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/ipv6-in-ca.png\" alt=\"IPv6 Support in CAs\" width=\"500\" height=\"470\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ipv6-in-ca.png 500w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ipv6-in-ca-300x282.png 300w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/p>\n<p>Their research also showed that some CAs perform faster than others.\u00a0 This may be related to low Internet latency resulting from the network location where the test was performed (or perhaps highlights relative ubiquity of the CAs Internet infrastructure).<\/p>\n<p>In addition to this chart above, another\u00a0<a href=\"http:\/\/unmitigatedrisk.com\/?p=147\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">set of research performed mid-2012<\/a>\u00a0showed that most of the CAs didn\u2019t support IPv6 for their\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Certificate_revocation_list\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">Certificate Revocation List<\/a>\u00a0(CRL) \u00a0or their\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Online_Certificate_Status_Protocol\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">Online Certificate Status Protocol<\/a>\u00a0(OCSP) (<a href=\"https:\/\/tools.ietf.org\/html\/rfc6960\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">RFC 6960<\/a>) services.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-600\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/ca-repositories-ipv6.jpg\" alt=\"CA Repositories and IPv6\" width=\"500\" height=\"466\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ca-repositories-ipv6.jpg 500w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ca-repositories-ipv6-300x280.jpg 300w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/p>\n<p>From both these pervious analyses we can see that many of the top Certificate Authorities that issue digital certificates did not support IPv6.\u00a0 Now we will want to determine if this is still the case of if the CAs have improved their IPv6 connectivity.<\/p>\n<h2 id=\"toc-hId-1329227802\">Most Popular CAs<\/h2>\n<p>There are numerous commercial CAs, but only a few companies are the dominant commercial CAs with the majority of market share.\u00a0 We can see which companies are the top CAs by looking at the\u00a0<a href=\"https:\/\/w3techs.com\/\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">World Wide Web Technology Surveys<\/a>\u00a0<a href=\"https:\/\/w3techs.com\/technologies\/overview\/ssl_certificate\/all\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">(W3Techs) page that shows the most popular Internet CAs<\/a>. \u00a0To limit our analysis to a reasonable amount of effort, we will focus on the few leaders in the commercial CA market who have the most customers and certificates.<\/p>\n<p>In recent years there has been a consolidation of CAs as mergers and acquisitions have occurred.\u00a0 At one point, Verisign was the most recognized commercial CA with over 3 million certificates issued.\u00a0 Verisign acquired Thawte in 1999 and GeoTrust\u2019s CA business in 2005. In 2010, Verisign sold their PKI business to Symantec.\u00a0 More recently, the Symantec Website Security along with their PKI services,\u00a0<a href=\"https:\/\/www.digicert.com\/news\/digicert-completes-acquisition-of-symantec-ssl\/\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">have been sold to DigiCert<\/a>. As a result, DigiCert will soon take over operation of the combined DigiCert\/Symantec\/Verisign\/GeoTrust\/Thawte PKI business.<\/p>\n<p>We are adding\u00a0<a href=\"https:\/\/letsencrypt.org\/certificates\/\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">Let\u2019s Encrypt<\/a>\u00a0to our analysis as a deserved honorable mention because they graciously offer a free X.509 certificate authority service to help promote Internet security best practices.\u00a0\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Let's_Encrypt\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">Let\u2019s Encrypt is a \u201cpublic benefit organization\u201d operated by Internet Security Research Group<\/a>\u00a0(ISRG) and they leverage automation to make it easy and inexpensive for organizations to use a public CA.<\/p>\n<p>The other factor to consider is that CAs come configured by default in the client\u2019s browser.\u00a0 Depending on the web browser\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/User_agent\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">user agent<\/a>, there may be a different set of default CAs installed and trusted.\u00a0 All these top-ranked commercial CAs are trusted by virtually all browsers.<\/p>\n<p>Therefore, for the purposes of this assessment we will just focus on Comodo, IdenTrust, DigiCert, GoDaddy, GlobalSign and Let\u2019s Encrypt.<\/p>\n<h2 id=\"toc-hId--2078235813\">Analysis of IPv6 Support by Major CAs<\/h2>\n<p>The following table shows the results of the IPv6 connectivity testing for each of these popular commercial CAs.\u00a0 First, we tested if their web site was reachable using both IP versions.\u00a0 Next, we tested to see if their own authoritative DNS name servers were reachable through both IPv4 and IPv6.\u00a0 In the fourth column, we show if their Certificate Revocation List (CRL) was reachable over IPv6.\u00a0 In the fifth column we show if their Online Certificate Status Protocol (OCSP) service was reachable over IPv6 transport.\u00a0 If the entry is highlighted in green then the service is reachable using both IPv4 and IPv6 (dual-protocol), if the entry is highlighted red then the service is reachable using IPv4-only.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-602\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/ipv6-support-by-cas.png\" alt=\"IPv6 Support by CAs\" width=\"599\" height=\"250\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ipv6-support-by-cas.png 599w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ipv6-support-by-cas-300x125.png 300w\" sizes=\"auto, (max-width: 599px) 100vw, 599px\" \/><\/p>\n<p>Note: Most of these CAs have multiple DNS servers.\u00a0 The \u201c#\u201d nomenclature is used to indicate that there are several different numbers used in the FQDN of the DNS servers and that each of these name servers was tested for IPv6 connectivity.\u00a0 For example, Symantec uses UltraDNS, but the udns1. and udns2. servers are IPv4-only, while the other pdns1., pdns2., (and so on through pdns6.) name servers are dual-protocol name servers.<\/p>\n<p>We should also mention that our rudimentary testing was a point-in-time test made at the time this article was published.\u00a0 The IPv6 connectivity of these CAs is subject to change without notice.<\/p>\n<p>In our testing we discovered that some of these large-scale commercial CAs rely on Content Delivery Networks (CDNs) and cloud-based DNS services to provide fast and reliable delivery of their Internet services.\u00a0 We have witnessed that many of the popular\u00a0<a href=\"\/ipv6-coe\/using-a-content-delivery-network-to-ipv6-enable-your-site\/\" target=\"_blank\" rel=\"noopener noreferrer\">CDN providers<\/a>\u00a0support IPv6 and as a byproduct, that makes many of these CA services IPv6-capable.<\/p>\n<h2 id=\"toc-hId--1190732132\">Conclusions<\/h2>\n<p>From this basic research, it is evident that the commercial CA industry has increased its use of IPv6. But there is still room for improvement.\u00a0 There were four CA services we found that had comprehensive IPv6 support: Comodo, DigiCert\/Verisign, GlobalSign, and Let\u2019s Encrypt.\u00a0 GlobalSign seems to have supported IPv6 the longest of all the CAs as they were noted by the earlier research as fully IPv6-enabled.\u00a0 Our research also showed that there are three large commercial CAs that need to improve their IPv6 adoption: IdenTrust, DigiCert, and GoDaddy.\u00a0 Hopefully, in the coming year, DigiCert can take the IPv6 best practices from among their acquisitions and apply those same best practices to their own CA service.<\/p>\n<p>You should be aware of which CAs are using IPv4 and IPv6.\u00a0 If your current commercial CA, or the CA you are considering, is not actively using IPv6 at this date, then it might raise questions about that CA\u2019s engineering team\u2019s sophistication.\u00a0 If you are purchasing a public certificate from one of these popular CAs, you may prefer to choose a CA that is adroit with its use of IPv6 as well as legacy IPv4.<\/p>\n<p>Scott Hogg\u00a0<a href=\"https:\/\/twitter.com\/scotthogg\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">(@ScottHogg<\/a>) is CTO of\u00a0<a href=\"https:\/\/hexabuild.io\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">HexaBuild.io<\/a>, an IPv6 consulting and training company.\u00a0 Scott is Chair Emeritus of the Rocky Mountain IPv6 Task Force (<a href=\"https:\/\/www.rmv6tf.org\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">RMv6TF<\/a>) and authored the Cisco Press book on\u00a0<a href=\"http:\/\/www.ciscopress.com\/store\/ipv6-security-9781587055942\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">IPv6 Security<\/a>.\u00a0 Follow HexaBuild on\u00a0<a href=\"https:\/\/twitter.com\/hexabuild\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Twitter<\/a>\u00a0and\u00a0<a href=\"https:\/\/www.linkedin.com\/company\/hexabuild\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">LinkedIn<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>IPv6 adoption has been growing exponentially and the protocol is now supported in all modern operating systems and by many carriers.\u00a0 It used to be that cloud service providers lacked IPv6 connectivity, but now\u00a0Amazon AWS\u00a0and\u00a0Microsoft Azure\u00a0have solid IPv6 connectivity and configurability.\u00a0\u00a0CDN providers\u00a0have also deployed IPv6 for their accelerated and cached content.\u00a0 There are still a [&hellip;]<\/p>\n","protected":false},"author":321,"featured_media":603,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[17],"tags":[38,31,39,15],"class_list":{"0":"post-599","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ipv6-coe","8":"tag-ipv6","9":"tag-networking","10":"tag-protocols","11":"tag-security","12":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>IPv6 Support by Certificate Authorities (CAs)<\/title>\n<meta name=\"description\" content=\"IPv6 adoption has been growing exponentially and the protocol is now supported in all modern operating systems and by many carriers.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"IPv6 Support by Certificate Authorities (CAs)\" \/>\n<meta property=\"og:description\" content=\"IPv6 adoption has been growing exponentially and the protocol is now supported in all modern operating systems and by many carriers.\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-02-05T15:49:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-06T17:27:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/march-31.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"413\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Scott Hogg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Scott Hogg\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/ipv6-support-by-certificate-authorities-cas\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/ipv6-support-by-certificate-authorities-cas\\\/\"},\"author\":{\"name\":\"Scott Hogg\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/ee71ac61fe2ea349f6e991e628d22f4c\"},\"headline\":\"IPv6 Support by Certificate Authorities (CAs)\",\"datePublished\":\"2018-02-05T15:49:43+00:00\",\"dateModified\":\"2020-05-06T17:27:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/ipv6-support-by-certificate-authorities-cas\\\/\"},\"wordCount\":1431,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/ipv6-support-by-certificate-authorities-cas\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/march-31.jpg\",\"keywords\":[\"IPv6\",\"Networking\",\"Protocols\",\"Security\"],\"articleSection\":[\"IPv6 CoE\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/ipv6-support-by-certificate-authorities-cas\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/ipv6-support-by-certificate-authorities-cas\\\/\",\"name\":\"IPv6 Support by Certificate Authorities (CAs)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/ipv6-support-by-certificate-authorities-cas\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/ipv6-support-by-certificate-authorities-cas\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/march-31.jpg\",\"datePublished\":\"2018-02-05T15:49:43+00:00\",\"dateModified\":\"2020-05-06T17:27:53+00:00\",\"description\":\"IPv6 adoption has been growing exponentially and the protocol is now supported in all modern operating systems and by many carriers.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/ipv6-support-by-certificate-authorities-cas\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/ipv6-support-by-certificate-authorities-cas\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/ipv6-support-by-certificate-authorities-cas\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/march-31.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/march-31.jpg\",\"width\":600,\"height\":413},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/ipv6-coe\\\/ipv6-support-by-certificate-authorities-cas\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"IPv6 CoE\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/ipv6-coe\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"IPv6 Support by Certificate Authorities (CAs)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/ee71ac61fe2ea349f6e991e628d22f4c\",\"name\":\"Scott Hogg\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_321_1574118215-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_321_1574118215-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_321_1574118215-96x96.jpg\",\"caption\":\"Scott Hogg\"},\"description\":\"Scott Hogg has 30 years of network and security experience and is president of Hogg Networking with. Scott Hogg specializes in teaching Internet Protocol version 6 (IPv6) and providing implementation guidance. Scott is CCIE #5133 (Emeritus) and CISSP #4610. Scott is Chair Emeritus of the Rocky Mountain IPv6 Task Force (RMv6TF), a member of the IPv6 Center of Excellence (COE), and co-author of the Cisco Press book on IPv6 Security.\",\"sameAs\":[\"https:\\\/\\\/hexabuild.io\"],\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/scott-hogg\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"IPv6 Support by Certificate Authorities (CAs)","description":"IPv6 adoption has been growing exponentially and the protocol is now supported in all modern operating systems and by many carriers.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/","og_locale":"en_US","og_type":"article","og_title":"IPv6 Support by Certificate Authorities (CAs)","og_description":"IPv6 adoption has been growing exponentially and the protocol is now supported in all modern operating systems and by many carriers.\u00a0","og_url":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/","og_site_name":"Infoblox Blog","article_published_time":"2018-02-05T15:49:43+00:00","article_modified_time":"2020-05-06T17:27:53+00:00","og_image":[{"width":600,"height":413,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/march-31.jpg","type":"image\/jpeg"}],"author":"Scott Hogg","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Scott Hogg","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/"},"author":{"name":"Scott Hogg","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/ee71ac61fe2ea349f6e991e628d22f4c"},"headline":"IPv6 Support by Certificate Authorities (CAs)","datePublished":"2018-02-05T15:49:43+00:00","dateModified":"2020-05-06T17:27:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/"},"wordCount":1431,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/march-31.jpg","keywords":["IPv6","Networking","Protocols","Security"],"articleSection":["IPv6 CoE"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/","url":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/","name":"IPv6 Support by Certificate Authorities (CAs)","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/march-31.jpg","datePublished":"2018-02-05T15:49:43+00:00","dateModified":"2020-05-06T17:27:53+00:00","description":"IPv6 adoption has been growing exponentially and the protocol is now supported in all modern operating systems and by many carriers.\u00a0","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/march-31.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/march-31.jpg","width":600,"height":413},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ipv6-support-by-certificate-authorities-cas\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"IPv6 CoE","item":"https:\/\/www.infoblox.com\/blog\/category\/ipv6-coe\/"},{"@type":"ListItem","position":3,"name":"IPv6 Support by Certificate Authorities (CAs)"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/ee71ac61fe2ea349f6e991e628d22f4c","name":"Scott Hogg","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_321_1574118215-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_321_1574118215-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_321_1574118215-96x96.jpg","caption":"Scott Hogg"},"description":"Scott Hogg has 30 years of network and security experience and is president of Hogg Networking with. Scott Hogg specializes in teaching Internet Protocol version 6 (IPv6) and providing implementation guidance. Scott is CCIE #5133 (Emeritus) and CISSP #4610. Scott is Chair Emeritus of the Rocky Mountain IPv6 Task Force (RMv6TF), a member of the IPv6 Center of Excellence (COE), and co-author of the Cisco Press book on IPv6 Security.","sameAs":["https:\/\/hexabuild.io"],"url":"https:\/\/www.infoblox.com\/blog\/author\/scott-hogg\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/599","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/321"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=599"}],"version-history":[{"count":3,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/599\/revisions"}],"predecessor-version":[{"id":3664,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/599\/revisions\/3664"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/603"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=599"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=599"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}