Enhancements and changes which are planned for release by mid-June 2018 will require your immediate attention or action, so please read this announcement.
OCSP and CRL for Our Legacy Hierarchies
For security and compliance best practices, we will update the Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) infrastructure for all certificates issued from our legacy hierarchies for the GeoTrust, RapidSSL, Symantec, and Thawte brands.
For certificates issued from our legacy hierarchies before 1 December 2017, domain hosts and website hosts must be able to access our OCSP and CRL servers. For more information, refer to these Knowledge Base articles as appropriate for your business:
- Complete Website Security and Managed PKI for SSL
- All other DigiCert-branded certificates
For certificates issued on or after 1 December 2017, no action pertaining to this update is necessary. These certificates were issued from the DigiCert root CA and are unaffected by this update.
New Code Signing PKI Hierarchy
To modernize and streamline our code signing certificate offerings, we will update our code signing PKI hierarchy and begin integrating with DigiCert platforms. We intend to sign all new and reissue code signing certificates from the DigiCert hierarchy and infrastructure by mid-June 2018, regardless of the brand under which they’re sold. However, these changes will not impact existing code signing certificates nor the validity of signed files, whether timestamped or not.
These changes will apply to all code signing products listed below for the Symantec and Thawte brands:
- Microsoft™ Authenticode™
- Microsoft™ Office and VBA
- Adobe™ AIR™
- Mac® OS X desktops
For information on changes to the code signing PKI hierarchy, read our Website Security blog entry or see these links for more information.
We appreciate your partnership. If you have additional questions, contact support or your account manager.