Entrust Hero Image

Switch to DigiCert
TLS/SSL for web

Protect your organization’s reputation and online presence with replacement certificates from DigiCert, trusted by Google and Mozilla.

Get replacement certificates. Fast.

  • Quickly and easily purchase replacement TLS/SSL certificates with a credit card.
  • Your purchase includes access to DigiCert CertCentral®, our award-winning website certificate automation manager.
  • If you have needs not listed here, contact us. Our team can help create a custom solution.
Entrust Steps to Replace Cert
ENTRUST PRODUCT

Entrust Standard Plus OV

Organization validated SSL certificate for standard domains.

Includes:

  • Unlimited reissues
  • Unlimited servers
  • Up to 250 domains
  • 24 X 5 support
ENTRUST PRODUCT

Entrust Wildcard OV

Secures all subdomains with one OV SSL certificate.

Includes:

  • Unlimited reissues
  • Unlimited servers
  • Up to 250 domains
  • 24 x 5 support
Recommended

Basic - OV

Complete business-level validation, reinforcing customer confidence in online presence while securing customer data

Number of domains to protect?

Standard domains mydomain.com
- +

Wildcard domains *.mydomain.com
- +

€22 / month / standard domain
€64 / month / wildcard domain
€22 / month / standard domain
standard domain
€22 / month / domain
wildcard domain
€64 / month / domain
12 month auto-renewing subscription €264.00

Actions

Learn more >

Includes:

  • Unlimited certificate issuance/replacement
  • 24x5 standard support
  • DigiCert CertCentral management portal
CertCentral Dashboard

Looking for a tailored migration experience?

If you have many certificates to replace or other complex technical or business requirements, please contact our team to discuss the best migration path for your organization. DigiCert offers a wide variety of trusted digital certificates, PKI services, and certificate lifecycle management.

Google Chrome and Mozilla to distrust new issuance of Entrust certificates.

Public TLS/SSL certificates issued from Entrust roots will not be trusted by Google Chrome if the Signed Certificate Timestamp (SCT) is dated after November 11, 2024, and by Mozilla if the SCT is dated after November 30, 2024.

  • To be trusted by a browser, a public certificate authority must comply with specific requirements defined by the CA/Browser Forum.
  • To ensure trust is consistent and continuous, browser root programs receive regular audit reports about Certificate Authority (CA) operations and compliance.
  • Transparency and accountability are critical to trust. CAs are expected to work in good faith with the browser root programs to fix and prevent issues. 
  • Recently, browser root programs indicated a lack of confidence in the TLS certificate issuance practices of Entrust.
  • Google ultimately decided to revoke trust for new certificate issuance in Entrust roots on the Chrome browser, a move that was subsequently mirrored by Mozilla Firefox.

What does this mean for Entrust customers?

  • Google Chrome will not trust Public TLS certificates with an SCT issued by Entrust roots after November 11, 2024.
  • Mozilla Firefox will not trust Public TLS certificates issued by Entrust roots with an earliest SCT after November 30, 2024.
  • Servers using these affected issuances of Entrust certificates will display as an unsecured site by Google and Mozilla.
  • Any TLS certificate with an SCT dated on or before these distinct Google Chrome and Mozilla Firefox distrust dates are unaffected by the distrust.

We’re here to help

We understand this incident is a business disruption for affected organizations.

As a global leader in globally trusted public and private trust solutions, we are committed to helping you maintain critical operations and ensure business continuity during the transition from Entrust—and beyond.

Entrust - We're here to help

How we earn your trust

Checklist icon

Compliance for all

We’re empowering compliance through innovation and open-source solutions

DigiCert employs a proactive and data-driven approach to compliance—and we even offer our technology freely to help other organizations do the same, including our recent open-source release of PKIlint, an automated certificate linter that enables users to rapidly check certificates for errors and compliance issues.

Globe Icon

Global standards and governance

We’re building trust through adherence to global standards

Without a globally accepted body of standards, there is no core foundation for trust. We adhere to all the requirements of the CA/Browser Forum for the issuance and management of certificates.

Users Icon

Public communication and collaboration

We’re committed to transparency and accountability

At DigiCert, transparency is at the core of our commitment to maintaining trust and integrity in digital security. When a revocation incident occurs, we prioritize clear and prompt communication, including the cause, scope, and steps taken to address the issue. Our goal is to ensure that all stakeholders are fully informed and confident in our actions to uphold our commitment to their security and the standards by which we are governed.

Shield Icon

Leading by example

We’re dedicated to upholding digital trust

We take our responsibility as a Certificate Authority in the root store of all major browsers very seriously. Our entire company’s sole focus is—and has been for more than two decades—to do everything in our power to deliver digital trust to our customers.

Need assistance navigating your migration from Entrust?

Our experts can help ensure you make the transition without disruption or costly outages. Reach out today.

 

By supplying my personal information and clicking submit, I agree to receive communications about DigiCert products and services, and I agree to DigiCert and its affiliates processing my data in accordance with DigiCert's Privacy Policy.
Submit

The Entrust distrust
webinar

What happened, what it means and what steps to take

We helped thousands navigate the Symantec distrust in 2018. Join us for an experience-backed roadmap to avoiding disruption from the Entrust distrust.

Related resources

Resource Thumbnail Image 1
BLOG

The Entrust distrust: Key takeaways for CAs and organizations

Resource Thumbnail Image 2
BLOG

Why Compliance is the Foundation of Digital Trust

Resource Thumbnail Image 3
BLOG

DigiCert Releases Innovative Automated Testing Tool for Digital Certificates

Related Blog Resource Thumbnail Image
BLOG

What is a CA's role in delivering digital trust?

What is Digital Trust? Video Thumbnail Image
Video

What is digital trust?

CertCentral Datasheet Thumbnail Image
Datasheet

Certificate management for TLS best practices

FAQ

Why did Google decide to distrust Entrust roots?

When will my Entrust certificates be distrusted by Google Chrome?

Have any other browsers announced that they will distrust Entrust certificates?

When should I start replacing my current Entrust certificates?

How can I determine if we are using Entrust certificates in our environment?

Why did Google decide to distrust Entrust roots? 

In their announcement of the decision, Google said:

Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust that fall short of the above expectations, and has eroded confidence in their competence, reliability, and integrity as a publicly-trusted CA Owner.

And...

Certification Authorities (CAs) serve a privileged and trusted role on the Internet that underpin encrypted connections between browsers and websites. With this tremendous responsibility comes an expectation of adhering to reasonable and consensus-driven security and compliance expectations, including those defined by the CA/Browser TLS Baseline Requirements.

Over the past six years, we have observed a pattern of compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress in response to publicly disclosed incident reports. When these factors are considered in aggregate and considered against the inherent risk each publicly-trusted CA poses to the Internet ecosystem, it is our opinion that Chrome’s continued trust in Entrust is no longer justified.

When will my Entrust certificates be distrusted by Google Chrome?

Public TLS certificates issued from Entrust roots with a Signed Certificate Timestamp (SCT) dated after November 11, 2024, will not be trusted by Google Chrome after November 11, 2024. (The Chrome team originally announced the distrust would begin on November 1 but moved the date to November 12 to coincide with a release of the Chrome browser.) 

Any Entrust TLS certificate with an SCT dated on or before November 11, 2024, will be valid for its term. But if you modify, rekey, or renew such a certificate, it will be distrusted. 

Have any other browsers announced that they will distrust Entrust certificates?

At the end of July, Mozilla announced that they would distrust Entrust roots as of December 1. Any Entrust TLS certificate with an SCT dated on or before November 30, 2024, will be valid for its term. But if you modify, rekey, or renew such a certificate on or after December 1, it will be distrusted. 

Neither Microsoft nor Apple have made announcements on the matter. 

When should I start replacing my current Entrust certificates?

We recommend customers start planning their replacement strategy as soon as possible, with an accurate inventory of their certificates. This effort involves learning when each certificate will expire, assessing the risk profile of the associated service, and planning the replacement process.  Contact us today to start your migration plan. 

How can I determine if we are using Entrust certificates in our environment?

A variety of tools can connect to your infrastructure to scan and discover certificates in your environment. If you are an Entrust customer, look in your Entrust console for tools to help. 

DigiCert customers can use DigiCert® Trust Lifecycle Manager (TLM) and DigiCert CertCentral® to evaluate their environment and identify any Entrust certificates in need of replacement. Contact us if you need help with scanning and discovery.