DigiCert will begin issuing for Symantec

Symantec and DigiCert Acquisition FAQ

Symantec and DigiCert Acquisition

As industry leaders, we've been exposed to major acquisitions in the past and can anticipate many of the common questions our customers ask. Our SSL specialists put together the follow questions and answers to help customers quickly make sense of all this wonderful industry news. If you still have questions, our SSL specialists are available 24/7/365 via email, live chat, and telephone.

General Knowledge

When did Symantec & DigiCert complete the acquisition?

On October 31, 2017, DigiCert, Inc. completed the acquisition of the Symantec Corp. Certificate Authority business, which includes all website security assets related to SSL & PKI (GeoTrust, Thawte, RapidSSL) for $950 million in cash and a 30% stake in common stock equity.


What does The SSL Store™ think of this acquisition?

This is great news!!! The acquisition of Symantec's SSL business is absolutely the best-case scenario for the entire SSL community. This is by far the quickest way to enhance the SSL ecosystem, improve product offerings, increase efficiencies, provide better support and superior validation practices that are safe, secure, and most of all, trusted by the browser community unequivocally. DigiCert has announced its new PKI system will be implemented by December 1, 2017 to ensure all newly issued certificates are compatible will all browsers going forward.


What benefits will I gain from this acquisition?

DigiCert is best known for being speedy, reliable, and efficient, specifically when it comes to exceptional customer support and fast certificate issuance. Now Symantec customers will experience this level of service in addition to industry-leading OCSP response times. In the coming months, Symantec customers will gain access to the full line of DigiCert products to complement those that you have enjoyed from Symantec. These include DigiCert's SSL and private PKI services, leading PKI-based solutions for IoT device security, and an award-winning certificate management platform.


Does the acquisition resolve the Symantec compliance issues with the browsers?

Per a recent DigiCert Announcement: "Since announcing the acquisition, DigiCert has actively engaged with the security community to explore paths that address browser concerns about Symantec-issued certificates while balancing the TLS implementations currently deployed. This plan is close to completion and will minimize impacts, allowing customers to continue securing their transactions. Symantec-issued certificates impacted by the browser timelines will need to be replaced. These will be replaced at no cost to customers at the appropriate time, and we'll work to ensure a smooth process. More information will be forthcoming for affected parties."


Partner Programs

Will reseller of enterprise partners notice any significant changes in the program?

Yes, you will see improvements over time. DigiCert recently unveiled the new DigiCert Certified Partner Program, and The SSL Store received an exclusive invitation to join its Platinum Elite level. As a result, partners can expect new web security solutions, faster issuance times from vendors, and better response time from the Certificate Authority. As always, The SSL Store™ will proactively inform partners about any improvements within the respective program(s).


Will the Encryption Everywhere program continue under DigiCert?

Yes. Strategic web hosting partners of The SSL Store™ can continue enjoying the Encryption Everywhere program and everything it has to offer.


Will enterprise partners continue to use Managed PKI for SSL or the Complete Web Security Console to administer/manage Symantec-issued certificates?

Yes, enterprise partners will continue using their existing MPKI solutions from Symantec. In fact, DigiCert's recent announcements about the DigiCert Certified Partner Program and its exclusive Platinum Elite tier provided some additional insight into the future of MPKI. The move to a more innovative, next-gen platform is scheduled for early 2018 and may require an API update to the new servicing URL. The SSL Store™ will communicate changes as they arise and will ensure any changes are seamless for your business.


Will partners need to update their integration option (i.e. API, plugin, module) with The SSL Store™ to accommodate this acquisition?

It depends. We did make several updates to all our integration options (i.e. API, plug-ins, etc.) to help partners view/request their impacted certificates within their native system. We understand some integrated partners do not rely heavily on our control panel and wanted to accommodate their business needs. View the integration option page within your control panel to learn more.


Will partner contracts and day-to-day functions be impacted by the DigiCert acquisition?

No. All contracts, prepaid funds, credit terms, account balances, pricing, etc. with The SSL Store™ will remain the same today. You will experience no change in account managers, support managers, or lines of communications with our Customer Experience Department.



Will any product features change with Symantec, GeoTrust, Thawte, and RapidSSL certificates?

Yes. These brands will soon have new, fully trusted CA root certificates that will allow customers to continue securing all internet traffic with confidence. The SSL Store™ will automatically provide all customers with the correct certificate files after issuance of new, renewed, or reissued certificates.


Will the process of purchasing Symantec certificates change in your account?

No. You can still purchase and benefit from the premium features of Symantec-issued certificates as normal.


Can you continue managing previously purchased Symantec certificates?

Yes. You still have access to manage all certificates details within your control panel.


Will Symantec certificates remain valid until their expiration dates?

It depends. The certificate itself will remain valid until expiration, however, browsers need all customers to replace existing Symantec-issued certificates before certain dates in 2018. The date when customers should replace their existing certificates is all dependent on the original issue date, expiration date, and browser timeline. All existing certificates impacted by the 2018 browser dates will receive instructions by The SSL Store™ on how to replacement certificates for the remaining validity period at no cost to them.


Will Symantec SSL/TLS certificates continue to work after the acquisition?

Yes, this business deal between Symantec and DigiCert has no impact on your certificates' validity periods. Unless impacted by the 2018 browser dates, all Symantec issued certificates will remain valid until their expiry date.


Has the process of ordering and managing my Symantec certificates changed?

No. You can continue procuring and managing certificates within your control panel like usual. We already did the heavy lifting to ensure you have a smooth transition.


Will the validation process change in the near future?

Yes. DigiCert is known for its highly refined validation process, which means customers may experience faster verification times. Although all Symantec workflows may be supported initially, DigiCert plans to implement changes as necessary to support existing needs. The SSL Store™ will update validation documentation, support material, and customer notifications once additional details are provided by DigiCert.


Any changes for code signing customers?

No. You can continue securing applications like nothing ever happened. If anything changes, The SSL Store™ will let you know.


What is happening with the trusted site seals (i.e. DigiCert Secured Seal)?

Any seal issued by Symantec will continue to work and remain valid until certificate expiration. Any changes will be communicated by The SSL Store™.


Technical Knowledge

What will happen with the Root CA Certificate Hierarchies?

Browsers will slowly phase out existing Symantec root certificates over the next year. DigiCert has already begun cross-signing certain roots with the older Symantec roots to provide a wide ubiquity. Any customers impacted by this process will receive step-by-step instructions from The SSL Store™ on how to seamlessly resolve any issues within the least amount of time. Customers relying on a specific Symantec root should contact The SSL Store™ immediately for assistance with the transition.


Will DigiCert change the Root structure?

Yes, but not immediately. DigiCert plans to create new roots that are cross-signed by the existing Symantec roots. These new roots will be embedded in browsers, providing a seamless transition for most customers. Customers with pinned intermediates or roots should contact The SSL Store™ immediately for assistance.


Reissue Details (Next Steps)

Do customers need to replace their existing Symantec-issued certificates?

Yes. Depending on the original issue date and expiration date, customers will need to reissue/replace impacted certificates before key dates in 2018. Click here to log into your account and view your impacted orders.


What are the important dates to replace existing Symantec-issued certificates to continue browser trust?

If your SSL Certificate was issued before December 1st, 2017 you have until September 13th, 2018 to renew or re-issue that SSL certificate.


Does replacing SSL certificates cost any additional fees?

No. There is no cost in reissuing certificates. However, if your certificate is within 210 days (7 months) of expiration, you should renew the certificate instead of re-issuing to avoid re-installing the certificate twice. Renewing your SSL does have a cost, but it will also extend the validity of your SSL.


Do customers need to generate a new CSR & private key?

No. You can use the previously generated key pair only if the RSA private key is saved in a secure location. If the private key is lost or inaccessible, you should generate a new CSR and private key on their web server (recommended) or by using an online tool.


Can customers switch domain validation methods during reissuance?

It depends. If the original method was File/DNS Authentication, you can contact support to switch to email based authentication. The email method will allow you to use the WHOIS email or one of 5 pre-approved alias addresses (admin@, administrator@, webmaster@, hostmaster@, and postmaster@).


Do OV SSL customers need to re-validate their business details during reissuance?

Yes. For any OV SSL issued before December 1, 2017, all business details related to the certificate will be validated again by DigiCert.


Do EV SSL customers need to re-validate their business details during reissuance?

Yes. For any EV SSL issued before December 1, 2017, all business details related to the certificate will be validated again by DigiCert.


Can Symantec re-use previously validated business details after December 1, 2017?

No. All business details related to the certificate will be validated again by DigiCert.


Do customers have to install the re-issued SSL Certificate by DigiCert?

Yes. You need to install/configure the certificate again on your web server, application, or device to properly update the certificate files. For assistance, contact our friendly SSL specialists.


Does the certificate expiration date change during reissuance?

No. The expiration date will not change if you choose to re-issue your impacted SSL. The reissue process simply allows customers to receive a new copy of the original certificate for free. If your certificate is within 210 days (7 months) of expiration, you can opt to renew early and get your validity period extended by up to 1 year.