You May Have to Reissue your Certificate!!
Since announcing the acquisition, DigiCert has actively engaged with the security community to explore paths that address browser concerns about Symantec/Geotrust/Thawte/
Symantec-issued certificates impacted by browser timelines will need to be replaced to bring them under the new Digicert platform. These will be replaced at no cost to all certificates issued prior to December 1st 2017, and Digicert will work to ensure a smooth process. Many customers have already received information on certificate replacement, and more information will be forthcoming for affected parties.
Acmetek is currently working on a smooth transition for their clients and will be notified if they have an effected cert by this transition in the next couple of months.
Things to know:
- This reissue only pertains to SSL Certificates where clients access websites/applications via Chrome.
- If your clients are not using Chrome you do NOT need to perform the reissue.
- Symantec/Geotrust/Thawte/Rapid SSL Certificates Issued Prior to December 1st 2017 will have to be reissued into the new chain hierarchy under the Digicert umbrella.
- All Certificates Issued after December 1st 2017 will automatically be placed under the Digicert umbrella new chain hierarchy.
- All Certificates Renewed after December 1st 2017 will automatically be put under this new chain hierarchy.
- These Reissues will allow your certificates to be trusted by all versions of Chrome.
- Symantec Roots are NOT being removed.
- This does not effect code signing or other non SSL products.
- Newly issued 3 year certificates issued before December 1st and during 2017 must be reissued/renewed before March 1st 2018.
- Max Deadline to have all certificates reissued, or renewed is September 1st 2018. Some Reissues may need to be re-authenticated depending on when the certificate was last issued.
Digicert’s Authentication – Things to Know:
- Digicert has a more robust, modern, and quick Authentication platform. Please review Digicert’s Certificate Validation Process to know more.
- Initially, The biggest hold-ups that customers can control are:
- DCV (Domain Confirmation Verification) for security the verification goes to the domain admin, not the cert admin.
- The verification call (making sure someone is aware at the main number that there will be a verification call within the next 24 hours)
- Having you provide the correct legally registered name for the organization to avoid Digicert having to ask for it later.
- After initial Authentication has been processed…as long as the contact and organization info is the exact same.. Digicert will streamline the processing for future orders