Symantec Re-Issue And Digicert Acquisition FAQ
Our SSL specialists put together the following questions and answers to help customers quickly make sense of all this wonderful industry news. If you still have questions, our SSL specialists are available via phone +1 (727) 388-4240, email [email protected], or live chat.
1. When did Symantec & DigiCert complete the acquisition?
On October 31, 2017, DigiCert, Inc. completed the acquisition of the Symantec Corp. Certificate Authority business, which includes all website security assets related to SSL & PKI (GeoTrust, Thawte, RapidSSL) for $950 million in cash and a 30% stake in common stock equity.
2. What does SSLRenewals.com think of this acquisition?
This is great news!!! The acquisition of Symantec's SSL business is absolutely the best-case scenario for the entire SSL community. This is by far the quickest way to enhance the SSL ecosystem, improve product offerings, increase efficiencies, provide better support and superior validation practices that are safe, secure, and most of all, trusted by the browser community unequivocally. DigiCert has announced its new PKI system will be implemented by December 1, 2017 to ensure all newly issued certificates are compatible will all browsers going forward.
3. What benefits will I gain from this acquisition?
DigiCert is best known for being speedy, reliable, and efficient, specifically when it comes to exceptional customer support and fast certificate issuance. Now Symantec customers will experience this level of service in addition to industry-leading OCSP response times.
4. Does the acquisition resolve the Symantec compliance issues with the browsers?
Per a recent DigiCert Announcement: "Since announcing the acquisition, DigiCert has actively engaged with the security community to explore paths that address browser concerns about Symantec-issued certificates while balancing the TLS implementations currently deployed. This plan is close to completion and will minimize impacts, allowing customers to continue securing their transactions. Symantec-issued certificates impacted by the browser timelines will need to be replaced. These will be replaced at no cost to customers at the appropriate time, and we'll work to ensure a smooth process. More information will be forthcoming for affected parties."
5. Will customers notice any significant changes?
Yes, you will see improvements over time. Customers can expect faster issuance times and better response time from the Certificate Authority. As always, your SSL provider will proactively inform you about any improvements made to enhance your user experience.
6. Will any product features change with Symantec, GeoTrust, Thawte, and RapidSSL certificates?
Yes. These brands will soon have new, fully trusted CA root certificates that will allow you to continue securing all internet traffic with confidence. Your SSL provider will provide all customers with the correct certificate files after issuance of new, renewed, or reissued SSL certificates.
7. Will the process of purchasing Symantec certificates change in your account?
No. You can still purchase and benefit from the premium features of Symantec-issued certificates as normal.
8. Can you continue managing previously purchased Symantec certificates?
Yes. You still have access to manage all certificates details within your control panel.
9. Will Symantec certificates remain valid until their expiration dates?
It depends. The certificate itself will remain valid until expiration, however, browsers need all customers to replace existing Symantec-issued certificates before certain dates in 2018. The date when you should replace existing SSL certificates is all dependent on the original issue date, expiration date, and browser timeline. All existing certificates impacted by the 2018 browser dates will receive instructions by your SSL provider on how to replacement certificates for the remaining validity period at no cost to you.
10. Will Symantec SSL/TLS certificates continue to work after the acquisition?
Yes, this business deal between Symantec and DigiCert has no impact on your certificates' validity periods. Unless impacted by the 2018 browser dates, all Symantec issued certificates will remain valid until their expiry date.
11. Has the process of ordering and managing my Symantec certificates changed?
No. You can continue procuring and managing certificates within your control panel like usual. We already did the heavy lifting to ensure you have a smooth transition.
12. Will the validation process change in the near future?
Yes. DigiCert is known for its highly refined validation process, which means you may experience faster verification times. Although all Symantec workflows may be supported initially, DigiCert plans to implement changes as necessary to support existing needs. Your SSL provider will update validation documentation, support material, and customer notifications once additional details are provided by DigiCert.
13. Any changes for code signing customers?
No. You can continue securing applications like nothing ever happened. If anything changes, your SSL provider will let you know.
14. What is happening with the trusted site seals (i.e. Norton Secured Seal)?
Any seal issued by Symantec will continue to work and remain valid until certificate expiration. Any changes will be communicated by your SSL provider.
15. What will happen with the Root CA Certificate Hierarchies?
Browsers will slowly phase out existing Symantec root certificates over the next year. DigiCert has already begun cross-signing certain roots with the older Symantec roots to provide a wide ubiquity. Any customers impacted by this process will receive step-by-step instructions from your SSL provider on how to seamlessly resolve any issues within the least amount of time. Customers relying on a specific Symantec root should contact your SSL provider immediately for assistance with the transition.
16. Will DigiCert change the Root structure?
Yes, but not immediately. DigiCert plans to create new roots that are cross-signed by the existing Symantec roots. These new roots will be embedded in browsers, providing a seamless transition for most customers. Customers with pinned intermediates or roots should contact your SSL provider immediately for assistance.
What Happens Next?
17. Do customers need to replace their existing Symantec-issued certificates?
Yes. Depending on the original issue date and expiration date, customers will need to reissue/replace impacted certificates before key dates in 2018. Click here to log into your account and view your impacted orders.
18. What are the important dates to replace existing Symantec-issued certificates to continue browser trust?
- If your SSL Certificate was issued before December 1st, 2017 you have until September 13th, 2018 to renew or re-issue that SSL certificate.
19. Does replacing SSL certificates cost any additional fees?
No. There is no cost in reissuing certificates. However, if your certificate is within 210 days (7 months) of expiration, you should renew the certificate instead of re-issuing to avoid re-installing the certificate twice. Renewing your SSL does have a cost, but it will also extend the validity of your SSL.
20. Do customers need to generate a new CSR & private key?
No. You can use the previously generated key pair only if the RSA private key is saved in a secure location. If the private key is lost or inaccessible, you should generate a new CSR and private key on their web server (recommended) or by using an online tool.
21. Can customers switch domain validation methods during reissuance?
It depends. If the original method was File/DNS Authentication, you can contact support to switch to email based authentication. The email method will allow you to use the WHOIS email or one of 5 pre-approved alias addresses ([email protected], [email protected], [email protected], [email protected], and [email protected]).
22. Do OV SSL customers need to re-validate their business details during reissuance?
Yes. For any OV SSL issued before December 1, 2017, all business details related to the certificate will be validated again by DigiCert.
23. Do EV SSL customers need to re-validate their business details during reissuance?
Yes. For any EV SSL issued before December 1, 2017, all business details related to the certificate will be validated again by DigiCert.
24. Can Symantec re-use previously validated business details after December 1, 2017?
No. All business details related to the certificate will be validated again by DigiCert.
25. Do customers have to install the re-issued SSL Certificate by DigiCert?
Yes. You need to install/configure the certificate again on your web server, application, or device to properly update the certificate files. For assistance, contact our friendly SSL specialists.
26. Does the certificate expiration date change during reissuance?
No. The expiration date will not change if you choose to re-issue your impacted SSL. The reissue process simply allows customers to receive a new copy of the original certificate for free. If your certificate is within 210 days (7 months) of expiration, you can opt to renew early and get your validity period extended by up to 1 year.