DigiCert introduces tool to facilitate replacement of Symantec-issued certificates; works with users ahead of browser timelines

DigiCert Inc., provider of scalable identity and encryption solutions for the enterprise, issued last week an advisory reminding its customers to replace any SSL certificates issued by Symantec, GeoTrust, Thawte and RapidSSL prior to June 1, 2016 by March 15, 2018, along with a tool that customers can use to determine whether certificate replacement is required.  

March 15 is the initial of two upcoming browser distrust dates for Symantec roots, timed to the release of the Chrome 66 beta. The stable, or general, release of Chrome 66 is scheduled for April.  

DigiCert supports SSL/TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management platform, CertCentral. The company has been recognized with dozens of awards for its enterprise-grade management platform, fast and knowledgeable customer support, and growth.

“The migration away from Symantec roots has been a significant undertaking because of the short timeframe and volume of certificates. However, we have worked around the clock to provide and improve on the migration services, and the process is well underway,” said Jeremy Rowley, EVP Product at DigiCert. “DigiCert has issued several million certificates since December 1 when the migration started, and many customers have taken action to replace affected certificates. In fact, three-out-of-four enterprises and the majority of SMBs have completed pre-validation.”

All certificates are issued using DigiCert’s trusted roots and backend architecture. Impacted customers may order replacement certificates, for free, via their Symantec frontend portals. There is no need to learn new systems, work with new account representatives, and worry about negotiating new contracts. Customers can replace certificates similarly to how they would handle a typical renewal.

Even before the DigiCert acquisition of Symantec Webite Security, Symantec selected DigiCert to operate the Sub CA under the browser requirements, and DigiCert has been working on integrating its validation and issuance systems for some time.

DigiCert is working to meet the deadlines set forth by the browsers by replacing the Symantec back end with DigiCert’s operation and infrastructure. This ensures we can replace Symantec certificates impacted by Symantec root distrust schedules as early as December 1, 2017, using Symantec’s existing front end, workflows, and customer-facing operations. It creates a path for a new root structure and cross-signing intermediates. The new infrastructure was designed to provide ubiquity in all platforms, while aligning to the browser schedules for deprecating through fall of 2018.

The company also replaces the Symantec validation processes with those currently used by DigiCert; and prepares to replace (at no cost) Symantec-issued certificates affected by browser requirements. The company will begin this process as early as Dec. 1, 2017.

“Assisting our customers is our top priority, and that includes helping them in their migration efforts,” Rowley added. “We will continue to work closely with affected customers to provide information and the easiest path forward.”

DigiCert has reached out to all affected customers, and will continue to communicate through multiple channels including email, phone calls, account representatives and in-console messages.

Leave a Reply

WWPI – Covering the best in IT since 1980