NOTE: This notice has been amended on 2/10/2017.
In addition to the change to HSTS that was mentioned below, the Treasury Department delayed updating the HTTPS cert it uses for the Treasury.gov domain during the 1/10/2017 maintenance window. Instead this change was made on 2/2/2017. Users may have to reinstall the root certificate for the site if they experience connection problems. The root certificate that was installed was not a GeoTrust certificate as previously mentioned in this announcement, but instead was a ceritificate issued by Verisgin. The full certification path for this new cert is Verisign - Symantec Class 3 ECC 256 SSL CA - G2 - www.treasury.gov.
Users can download this certificate by visiting any secure download path on the Treasury website and using their browser's ceriticate management controls to install this new certificate.
Please contact OFAC technical support at 1-800-540-6322 Option #8 or O_F_A_C@treasury.gov with any questions that you may have about this change.
Important Technical Announcement for Users of OFAC's Sanctions List Data Files:
Per Office of Management and Budget (OMB) mandate, the Treasury Department will be implementing HTTP Strict Transport Security (HSTS) headers on the Treasury.gov website on Thursday, January 12 during an evening maintenance window. There is no anticipated downtime associated with this change; however, the change affects multiple domains and sub-domains, and will force users to the HTTPS site, as opposed to allowing browsers to redirect from HTTP to HTTPS. This has the potential to impact scripts that users may have developed to poll Treasury.gov for data.
In addition to this change, the Treasury Department will also be updating the HTTPS cert it uses for the Treasury.gov domain during the aforementioned maintenance window. Users may have to reinstall the root certificate for the site if they experience connection problems.