DigiCert works with its partners to move past Google’s distrust of Symantec TLS certificates
DigiCert has executed a transfer of online trust, marked by the stable release of Chrome 70 that signals the end of Google’s Symantec root distrust plan. In the year since acquiring Symantec’s Website Security and PKI businesses, DigiCert has managed a certificate replacement program leading to the wholesale exchange of Symantec CA infrastructure and replacing more than 5 million certificates.
Over the last year, DigiCert has helped companies affected by the distrust action by replacing impacted certificates for free before the Chrome 70 stable release. An extensive outreach program, working with partners, and a validation process have led to replacing certificates for 99 percent of the Alexa 1 Million websites. For those few remaining sites that have not reissued and replaced their certificates, DigiCert encourages them to act now to avoid browser warnings.
“DigiCert, along with our partners and customers, has executed an extraordinary certificate replacement process for a large segment of our industry. Our teams have worked many long hours to ensure this event had minimal impact to our customers and the Internet in general, and I am very grateful for their efforts,” said DigiCert CEO John Merrill.
“This could have been an extremely disruptive event to online commerce. But one year after DigiCert closed the acquisition of Symantec’s Website Security business, we have successfully completed our requirements for Chrome. And even with the intense focus on the replacement process, we are excited to be showing growth in 2018.”
Continued Merrill, “Now that we can turn our focus to moving forward, we are strongly positioned to lead the market with next-generation TLS and PKI solutions, and work with the CA community to improve industry standards.”
A brief overview of the replacement task and what DigiCert accomplished includes:
- Managing wholesale replacement of Symantec’s multiple CA backend systems in one month between Nov. 1 and Dec. 1, 2017.
- Combining validation teams and training employees on DigiCert’s compliant CA processes.
- Revalidating domains and issuing more than 5 million replacement certificates for Symantec, VeriSign, Thawte, GeoTrust and RapidSSL customers.
- Revalidating more than 550,000 organizational identities that moved to DigiCert trusted roots.
- Providing support, tools and information to partners and customers to facilitate replacements for all impacted TLS certificates. These efforts have included millions of emails, in-console messages, and uncounted outbound phone calls to reach all affected.
- Redesigning and improving validation systems and automation across the CA infrastructure to improve scaling and provide experience.
DigiCert remains committed to being a CA operation, providing customers with confidence in the company’s processes and the TLS industry in general. In addition to scaling and redesigning its validation processes, DigiCert has focused on improving its operations and technologies, including:
- Making an investment into infrastructure, data centers and new architecture to achieve secure agility and scale.
- Establishing partnerships to provide certificates with post-quantum cryptography that will be resistant to quantum computers. This is especially important as many IoT devices have lifecycles that will last well into the era of quantum computers.
- Developing secure solutions on top of blockchain technology.
- Investing resources to drive improvements within industry standards bodies.
Said Merrill, “With the completion of our part of this unprecendented distrust management event, we want to thank our partners and customers, as well as the browser and security communities, for working with us. Moving forward, we are excited about refocusing our talented teams to produce needed advancements in trustworthy communications for the web PKI and a variety of emerging markets and technologies. As we do, we will stay true to the values that have made DigiCert the most trusted brand in our industry.”