DigiCert reaches milestone for replacing Symantec certs

DigiCert Inc. announced a major milestone: less than 1 percent of the top 1 million sites have yet to replace Symantec-issued certificates affected by upcoming browser distrust action. Mozilla released figures from its latest telemetry report earlier this week showing 1 percent with certificates to be untrusted.

For site owners still affected by beta releases of Firefox 60 and Chrome 66, DigiCert remains ready to help them before the release of Chrome 66 stable on or around April 17 and Firefox 60 in May. Certificates replaced by DigiCert ahead of Chrome 66 distrust timelines will also satisfy Mozilla Firefox requirements.

Google and Mozilla announced a timeline last fall to gradually remove trust in Symantec root certificate authorities (CA), prior to DigiCert completing its acquisition of Symantec Website Security on Oct. 31, 2017. DigiCert began issuing trusted certificates for the Symantec, Thawte, GeoTrust and RapidSSL brands on Dec. 1, 2017, after satisfying browser requirements for replacing Symantec backend systems and processes with DigiCert ones. Since that time, DigiCert has issued millions of certificates, including both new and free replacement certificates. Today, the vast majority of Symantec brand certificate holders have taken corrective action.

“We’ve been working hard for months to make sure that customers are aware of the Chrome and Mozilla deadlines and that they can replace Symantec-issued certificates through us for free,” said Jeremy Rowley, chief of product for DigiCert. “Through comprehensive communications and tools in multiple languages, alongside our partners, we are continuing to provide instructions and the simplest replacement path available for those who still need to act.”

Affected customers can handle replacement similar to a typical renewal, with a couple of clicks in the portal where they made their original purchase. There is no need to learn new systems or work with new account representatives. Certificate replacements are free and extended through the original validity period.

DigiCert created a web tool to identify impacted certificates. Entering a domain name will confirm if and when a Symantec-issued certificate needs to be replaced by DigiCert. This tool also will help organizations identify certificates that will be affected by the Chrome 70 release later this year, which occurs around the same time as Firefox’s distrust of all remaining Symantec-issued certificates.

“We have hired more than 200 additional staff to help with the large spike of inbound communication to our support and validation teams,” added Rowley. “The March 15 Chrome 66 beta release deadline is arriving, and we encourage any customers with affected certificates to initiate the free certificate replacement process right away. That way, they will avoid untrusted warnings before Chrome 66 stable is released in April, and be prepared when Firefox 60 is publicly released in May.”