Since announcing the acquisition, DigiCert has actively engaged with the security community to explore paths that address Google concerns about Symantec/Geotrust/Thawte/Rapidssl-issued certificates while balancing the SSL/TLS implementations currently deployed.

Symantec-issued certificates impacted by browser timelines will need to be replaced to bring them under the new Digicert platform. These will be replaced at no cost to all certificates issued prior to December 1st 2017, and Digicert will work to ensure a smooth process. Many customers have already received information on certificate replacement, and more information will be forthcoming for affected parties.

Acmetek is currently working on a smooth transition for their clients and will be notified if they have an affected cert by this transition in the next couple of months. 

Things to know:

• This reissue only pertains to SSL Certificates where clients access websites/applications via Google Chrome.
• If your clients are not using Google Chrome, you do NOT need to perform the reissue.
• Symantec/Geotrust/Thawte/Rapid SSL Certificates Issued Prior to December 1st 2017 will have to be reissued into the new chain hierarchy under the Digicert umbrella.
• All Certificates Issued after December 1st 2017 will automatically be placed under the Digicert umbrella new chain hierarchy.
• All Certificates Renewed after December 1st 2017 will automatically be put under this new chain hierarchy.
• These Reissues will allow your certificates to be trusted by all versions of Google Chrome.
• Symantec Roots are NOT being removed.
• Newly issued 3-year certificates issued before Dec.1st and during 2017 must be reissued/renewed before Feb 1st, 2018.
• Max Deadline to have all certificates reissued, or renewed is August 1st, 2018. Some Reissues may need to be re-authenticated depending on when the certificate was last issued.

Authentication Things to Know:

• DigiCert has a more robust, modern, and quick Authentication platform. Please review Digicert’s Certificate Validation Process to know more.
• Initially, The biggest hold-ups that customers can control are:
• DCV (Domain Confirmation Verification) for security the verification goes to the domain admin, not the cert admin.
• The verification call (making sure someone is aware at the main number that there will be a verification call within the next 24 hours)
• Having you provide the correct legally registered name for the organization to avoid Digicert having to ask for it later.
• After initial Authentication has been processed…as long as the contact and organization info is the exact same. Digicert will streamline the processing for future orders or Reissues.

If you already know your Symantec/Geotrust/Thawte/RapidSSL Issued SSL Certificate is affected you simply need to perform a free reissue of your current certificate order. Acmetek clients will see a notification and eventually receive a communication on how to perform the reissue of their SSL Partner Center.