If you own a Symantec, GeoTrust, RapidSSL, or Thawte SSL / TLS certificate, you’ve heard of Symantec ‘s acquisition by DigiCert. You may also have learned that Google Chrome mistrust Symantec and its subsidiary CAs (GeoTrust, RapidSSL, and Thawte) issued SSL / TLS certificates.
To stop this mistrust and its security alerts, customers at Symantec need to reissue their certificates from new networks as Google directs. All these certificates will be reissued / replaced from DigiCert’s PKI network, as Symantec sold its CA business to DigiCert.
So when does your certificate need to be reissued / replaced? Do you even have to replace / reissue your SSL / TLS certificate? Let’s work it out.
Furthermore, here are the important dates and things to recall before any action –
- 1 December 2017: Google has requested from that date that TLS certificates are no longer issued by Symantec roots, but must be issued by another CA. As of 1 December DigiCert will issue all Website Protection customer certificates. This date does not require any immediate changes to the certificate but transfers certification and issuance of Symantec certificates to DigiCert systems officially. Since that date on, customers at Symantec will start requesting free replacement certificates. Such substitute certificates will be valid via issuance until the expiration of the validity period for the certificate.
- March 15, 2018: Chrome beta will mistrust the Symantec certificates issued before June 1, 2016. Chrome’s release to the public is awaited on April 17, 2018.
- September 13, 2018: Chrome beta will be distrustful of all Symantec certificates released. Chrome’s public release is expected through mid-October 2018.
Disturbed? Click here for a condensed version:
- If your certificate was issued before 1 June 2016, your certificate will need to be reissued / replaced before 15 March 2018.
- Whether your certificate was released after June 1, 2016 and before December 1, 2017, your certificate must be reissued / replaced before September 13, 2018.
- And if your issuance date is after December 1, 2017, your certificate need not be reissued.
Just as plain as that.
If you’re a visual learner, you will find his visual representation here.
How to have Symantec SSL Certificates reissued?
Yeah, you still have time on your hands. Yet why leave it behind late?
If you need your certificate to be reissued, why leave it until later? The reissuance cycle has begun from 1 December 2017, and it is in everybody’s best interest to do so as soon as possible. And make no worries. The reissuance process requires no charges or fees. It is totally safe!
If you’re our current client, this is what you need to do.
- Login to Review Panel
- Choosing My Order
- Locate the order for the certificate you want to issue again, and click the order number to view the details
- Pick Certification Reissue
- Choose your DV Validation-email or file-based process
- Join CSR
- Choose type of server
- Select the Algorithm for Signature (SHA-2)
- Apply for reissue
If you request a reissue of the DV SSL Certificate, you will get the SSL Certificate within minutes. But, if you are applying for any OV or EV SSL Certificate, after the final verification (as per your SSL type) you will receive the reissued SSL Certificate. The DigiCert (Certificate Authority) must re-validate all the necessary information for your SSL request. Don’t worry, because DigiCert is THE best in its validation processes. When you have checked the certificate you should receive an email with your new certificate. And instead, re-installing the SSL Certificate on your server.