On May 24, 2022, between 9:00 am and 11:00 am MDT (3:00 pm and 5:00 pm UTC), DigiCert will replace the intermediate GeoTrust® DV and RapidSSL® DV mixed SHA-256 chains' ICAs.
Note: Certificate Authorities (CAs) use intermediate CA (ICA) certificates to issue your customers' certificates, such as TLS certificates. The ICA certificate links a certificate to its trusted root certificate enabling browsers and other applications to trust it.
Rolling out new ICA certificates does not affect your customers' existing DV certificates. Active certificates issued from the replaced ICA certificate will remain trusted until they expire.
How does this affect your customers?
The May 24 ICA certificate replacements only affect GeoTrust DV and RapidSSL DV certificates.
Note: TLS certificate and ICA certificate installation should go hand in hand. To ensure ICA certificate replacements go unnoticed, always include the provided ICA certificate with every TLS certificate you install.
No action is required unless your customers do any of the following:
- Pin the old versions of the GeoTrust DV and RapidSSL DV intermediate CA certificates
- Hard code the acceptance of the old versions of the GeoTrust DV and RapidSSL DV intermediate CA certificates
- Operate a trust store that includes the old versions of the GeoTrust DV and RapidSSL DV intermediate CA certificates
Action required
If your customers practice pinning, hard code acceptance, or operate a trust store, update your environment as soon as possible. They should stop pinning and hard coding ICA certificate trust or make the necessary changes to ensure their GeoTrust DV and RapidSSL DV certificates issued from the new ICA certificates are trusted. In other words, make sure they can chain up to their new ICA certificate and trusted root). See the DigiCert ICA Update knowledge base article.
What if my customers need more time?
If you or your customers need more time to update environments, you can continue to use the old 2020 ICA certificates until they expire. Contact DigiCert Support, and they can set that up for an account. However, after May 31, 2022, RapidSSL DV and GeoTrust DV certificates issued from the 2020 ICA certificates will be truncated to less than one year.
GeoTrust DV / RapidSSL DV Intermediate CA certificate replacements
These intermediate CA certificates below chain to the DigiCert Global Root CA certificate.
See the DigiCert Trusted Root Authority Certificates page to download copies of the new Intermediate CA certificates.
Current ICA certificates |
New ICA certificates |
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
GeoTrust TLS DV RSA Mixed SHA256 2021 CA-1
|
GeoTrust Global TLS RSA4096 SHA256 2022 CA1
|
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1
RapidSSL TLS DV RSA Mixed SHA256 2021 CA-1
|
RapidSSL Global TLS RSA4096 SHA256 2022 CA1
|
If you have questions or concerns, please contact your account manager or our DigiCert Support.
Thank you,
DigiCert Team
|