LEHI, Utah (March 14, 2018) — DigiCert Inc., the leading global provider of SSL and other PKI solutions for securing web traffic and the Internet of Things (IoT), announced a major milestone: less than 1 percent of the top 1 million sites have yet to replace Symantec-issued certificates affected by upcoming browser distrust action. Mozilla released figures from its latest telemetry report earlier this week showing 1 percent with certificates to be untrusted.
For site owners still affected by beta releases of Firefox 60 and Chrome 66, DigiCert remains ready to help them before the release of Chrome 66 stable on or around April 17 and Firefox 60 in May. Certificates replaced by DigiCert ahead of Chrome 66 distrust timelines will also satisfy Mozilla Firefox requirements.
Google and Mozilla announced a timeline last fall to gradually remove trust in Symantec root certificate authorities (CA), prior to DigiCert completing its acquisition of Symantec Website Security on Oct. 31, 2017. DigiCert began issuing trusted certificates for the Symantec, Thawte, GeoTrust and RapidSSL brands on Dec. 1, 2017, after satisfying browser requirements for replacing Symantec backend systems and processes with DigiCert ones. Since that time, DigiCert has issued millions of certificates, including both new and free replacement certificates. Today, the vast majority of Symantec brand certificate holders have taken corrective action.
“We’ve been working hard for months to make sure that customers are aware of the Chrome and Mozilla deadlines and that they can replace Symantec-issued certificates through us for free,” said Jeremy Rowley, chief of product for DigiCert. “Through comprehensive communications and tools in multiple languages, alongside our partners, we are continuing to provide instructions and the simplest replacement path available for those who still need to act.”
Affected customers can handle replacement similar to a typical renewal, with a couple of clicks in the portal where they made their original purchase. There is no need to learn new systems or work with new account representatives. Certificate replacements are free and extended through the original validity period.
DigiCert created an easy-to-use web tool to identify impacted certificates. Entering a domain name will confirm if and when a Symantec-issued certificate needs to be replaced by DigiCert. This tool also will help organizations identify certificates that will be affected by the Chrome 70 release later this year, which occurs around the same time as Firefox’s distrust of all remaining Symantec-issued certificates.
“A migration of this magnitude is unprecedented in the CA industry. DigiCert has done a remarkable job in unifying the platforms and support organizations. They have provided tools for customers to ensure that their web servers won’t have a problem so it’s now up to security teams,” said Zeus Kerravala, founder and principal analyst at ZK Research.
Additional steps taken by DigiCert over the last several months, and still underway, to raise awareness among affected customers include:
- Sending a series of nearly 600,000 emails to customers reminding them of deadlines, necessary action items and information
- Establishing an outbound call center, and calling all affected customers
- Displaying reminder messages in multiple languages in the portals customers use to order and manage certificates
- Hosting multiple webinars, with the latest held yesterday.
- Posting documentation in multiple languages for replacing Symantec-issued certificates
“We have hired more than 200 additional staff to help with the large spike of inbound communication to our support and validation teams,” added Rowley. “The March 15 Chrome 66 beta release deadline is arriving, and we encourage any customers with affected certificates to initiate the free certificate replacement process right away. That way, they will avoid untrusted warnings before Chrome 66 stable is released in April, and be prepared when Firefox 60 is publicly released in May.”
DigiCert is currently focused on helping customers replace certificates issued by Symantec before June 2016, which are due to be distrusted in Chrome 66 and Firefox 60. All certificates issued by Symantec from June 1, 2016 through Nov. 30, 2017 will also lose trust in the release of Chrome 70 and Firefox 63. Chrome 70 canary release is currently scheduled for July 20, beta for Sept. 13 and stable around Oct. 16. DigiCert’s work to help customers meet the current deadlines has prepared it to handle the next phase of certificate replacement. All certificates issued by DigiCert for Symantec, Thawte, GeoTrust and RapidSSL brands after Dec. 1, 2017 are fully trusted by the browsers.
About DigiCert, Inc.
DigiCert is a leading provider of scalable security solutions for a connected world. The most innovative companies, including the Global 2000, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports SSL/TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management platform, CertCentral®. The company has been recognized with dozens of awards for its enterprise-grade management platform, fast and knowledgeable customer support, and market-leading growth. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.