[Feb 8, 2023] Notice on DigiCert Root Certificate Update
Dear customers,
According to the latest root certificate trust policy of Mozilla, the trusted root certificates of all CAs around the world must be updated at least once every 15 years, and Mozilla will no longer trust the trusted root certificates that fail to be updated within the specified time. To comply with this policy, DigiCert will update some of its root certificates from March 8, 2023. For details, see Table 1.
Original Root Certificate |
Affected Scope |
Invalidated by Mozilla On |
New Root Certificate |
|---|---|---|---|
Baltimore CyberTrust Root |
Cross-certificates for more compatibility |
April 15, 2025 (The root certificate expires on May 15, 2025.) |
DigiCert Global Root G2 |
DigiCert Global Root CA |
DV and OV SSL certificates issued by DigiCert |
April 15, 2026 |
DigiCert Global Root G2 |
DigiCert High Assurance EV Root CA |
EV SSL certificates issued by DigiCert |
April 15, 2026 |
DigiCert Global Root G2 |
DigiCert Root Certificate Update Plan
The details are as follows:
- All SSL certificates issued by DigiCert before March 8, 2023 can still be used.
- From March 8, 2023, DigiCert and GeoTrust will use root certificate DigiCert Global Root G2 and new intermediate certificates to issue DV SSL certificates. For details, see Table 2.
Table 2 DV certificate chain change details CA in CCM
Certificate Type
Original Intermediate Certificate
Original Root Certificate
New Intermediate Certificate
New Root Certificate
DigiCert
DV (Basic)
Encryption Everywhere DV TLS CA - G1
DigiCert Global Root CA
Encryption Everywhere DV TLS CA - G2
DigiCert Global Root G2
GeoTrust
DV
GeoTrust RSA CA 2018
DigiCert Global Root CA
GeoTrust TLS RSA CA G1
DigiCert Global Root G2
DV (Basic)
RapidSSL Global TLS RSA4096 SHA256 2022 CA1
DigiCert Global Root CA
RapidSSL TLS RSA CA G1
DigiCert Global Root G2
- From July 1, 2023, DigiCert and GeoTrust will use root certificate DigiCert Global Root G2 and new intermediate certificates to issue OV and EV SSL certificates. For details about SSL certificate chain changes, see official notices of DigiCert.
DigiCert Root Certificate Update Impacts
- There is no need to worry about compatibility issues as the new root certificate hierarchy is still compatible with mainstream operating systems and mobile devices.
- The new root certificate DigiCert Global Root G2 uses SHA-256, which is more secure than SHA-1 the original root certificate uses.
- If you have embedded the original root certificate or intermediate certificates on the client, the certificates issued using root certificate DigiCert Global Root G2 will fail the client validation and then cause service interruptions. In this case, you need to remove the embedded certificate immediately and use the built-in trust store for validation. If you have no idea whether the original root certificate or intermediate certificate is embedded on the client, or you have other technical problems, click in the upper right corner of the Huawei Cloud management console. We will provide professional technical suggestions.
If you have any questions during this period, please feel free to contact us.
Thank you for using Huawei Cloud.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
