Block Communication with DigiCert on an Imprivata Test Appliance

An issue with the individual identity proofing process for EPCS in Imprivata Confirm ID (with DigiCert) may impact your providers’ ability to e-prescribe controlled substances.

This topic only applies if your organization uses DigiCert for individual identity proofing.

Importing a production database backup into a test Imprivata environment could result in:

  • The revocation of a provider’s DigiCert certificate in production, if that user is deleted in your test environment.

  • A break in the automatic certificate renewal process for providers in production.

Because an active certificate is required for EPCS, these providers would lose the ability to e-prescribe controlled substances. These providers would need to identity proof again.

Imprivata and DigiCert do not offer a DigiCert test environment. We advise customers to only test DigiCert functionality in production.

Block Test Appliances from Communicating with DigiCert

To prevent these issues, take the following steps on all your Imprivata test appliances, to ensure certificates continue to auto-renew, and to prevent certificates from being revoked accidentally:

  1. Log into the Imprivata Appliance Console.

  2. Go to Network > Name Resolution > Local Host Entries.

  3. Click the Add button. The Add Static Host Entry window opens.

  4. In the Fully Qualified Host Name field, enter api.digicert.com

    In the IP Address field, enter 127.0.0.1

  5. Click OK. You will see your new entry in the Local Host Entries section.

  6. Add two more local host entries:

    Fully Qualified Host Name: www.digicert.com

    IP Address: 127.0.0.1

    and

    Fully Qualified Host Name: ocsp.digicert.com

    IP Address: 127.0.0.1

    Network traffic to api.digicert.com, www.digicert.com, and ocsp.digicert.com will now be redirected to the specified IP address. The Imprivata appliance will no longer communicate with the production DigiCert instance.

  7. Repeat this process for all your Imprivata test appliances to ensure certificates continue to auto-renew, and to prevent certificates from being revoked accidentally. If a new test appliance is added, apply these steps to the new appliance as well.
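To confirm that every test appliance carries all three entries, the following added example (not Imprivata code) audits the Local Host Entries of each appliance. It assumes you have transcribed each appliance's entries into hosts-style lines ("IP name"); the appliance names and sample entries are constructed.

```python
# Hostnames and address the steps above say to configure on every test appliance.
REQUIRED = ("api.digicert.com", "www.digicert.com", "ocsp.digicert.com")
BLOCK_IP = "127.0.0.1"

def parse_entries(text):
    """Parse hosts-style lines ("IP name [name ...]") into {name: [ip, ...]}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            # Host names are case-insensitive; a trailing dot is the same name.
            entries.setdefault(name.lower().rstrip("."), []).append(ip)
    return entries

def audit(text):
    """Return {hostname: problem} for each required name that is not blocked."""
    entries = parse_entries(text)
    problems = {}
    for name in REQUIRED:
        ips = entries.get(name, [])
        wrong = [ip for ip in ips if ip != BLOCK_IP]
        if not ips:
            problems[name] = "missing"
        elif wrong:
            problems[name] = "not " + BLOCK_IP + ": " + ", ".join(wrong)
    return problems

def audit_all(appliances):
    """Audit every appliance; an empty dict means all three entries are in place."""
    return {host: audit(text) for host, text in appliances.items()}

# Constructed sample: entries transcribed from two hypothetical test appliances.
APPLIANCES = {
    "test-appliance-1": "127.0.0.1 api.digicert.com\n"
                        "127.0.0.1 www.digicert.com\n"
                        "127.0.0.1 ocsp.digicert.com\n",
    "test-appliance-2": "127.0.0.1 API.digicert.com\n"
                        "10.0.0.5 www.digicert.com  # wrong address entered\n",
}

if __name__ == "__main__":
    for host, problems in audit_all(APPLIANCES).items():
        print(host, "OK" if not problems else problems)
```

An appliance that reports anything other than OK can still reach production DigiCert for at least one of the three host names and needs the steps above repeated.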