20170829 - Imminent change for Symantec Group's certification chains

As of 1st December 2017, certificates issued by the Symantec Group will be issued by a new PKI, based on new certification chains.

We do not yet know the details of those new chains (which should allow cross-certification with the current roots), but they will include at least one intermediate from a third-party CA.

EDIT 20171120: The new PKI used by the Symantec group is now known. It will rely on DigiCert's roots. Contrary to what had been considered, there is no cross-signature with the former Symantec roots. This implies that the recognition of certificates by browsers is going to change...

The new chains

OV and DV RSA certificates

They will be issued on intermediates linked to the DigiCert Global Root CA root if you choose a mixed chain (SHA1 root). This root was integrated into browsers and OSes in 2007; it should be widely recognized by now.

EV RSA certificates

They will be issued on intermediates linked to the DigiCert High Assurance EV Root CA root if you choose a mixed chain (SHA1 root). This root was integrated into browsers and OSes in 2007; it should be widely recognized by now.

RSA certificates with a full SHA2 chain

They will be issued on intermediates linked to the DigiCert Global Root G2 root. This root was integrated into browsers and OSes in 2014; it should be recognized by any recent product, except Java (April 2017).

ECC certificates with a full ECC chain

They will be issued on intermediates linked to the DigiCert Global Root G3 root. This root was integrated into browsers and OSes in 2014; it should be recognized by any recent product, except Java (April 2017).

Why these chain modifications?

This is one of the measures imposed on Symantec by Google. The chain modification will be required to keep th

What should you do to keep your current chain?

You may want to keep using your current chain for technical reasons. In that case, here is some advice:

Currently valid certificates

Nothing. Unless they are reissued, they will remain chained to the current chains.

Certificates pending renewal

Order your renewal before 15th November 2017. The newly issued certificates will use the current certification chains.

Certificates which will have to be renewed after 1st December 2017

Order a new certificate (not a renewal) before 15th November 2017. The newly issued certificates will use the current certification chains.

What should you do to use the new chains?

For the time being: nothing. The owners of the concerned certificates will receive a notification email when a reissuance is necessary to avoid any loss of compatibility with Chrome and Firefox.

What consequences should you expect?

Certificates that keep using the current certification chains will trigger security alerts in Chrome and Firefox. They will be gradually rejected from March 2018, and completely from December 2018.

Note that any reissuance of your certificates after 1st December 2017 will result in a change of certification chain.
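As an added example (not code from TBS or DigiCert), the following Python walks an unordered set of certificates from a server leaf up to its self-signed root, reports which of the roots listed under "The new chains" it reaches, and places a chain still on the Symantec PKI on the Chrome/Firefox schedule given in this section. Certificates are reduced to subject/issuer common names, and every name in the sample pool except the DigiCert root is constructed.

```python
from collections import namedtuple
from datetime import date
# Roots named in the notice, with the chain type each one serves.
NEW_ROOTS = {
    "DigiCert Global Root CA": "OV/DV RSA, mixed chain (SHA1 root)",
    "DigiCert High Assurance EV Root CA": "EV RSA, mixed chain (SHA1 root)",
    "DigiCert Global Root G2": "RSA, full SHA2 chain",
    "DigiCert Global Root G3": "ECC, full ECC chain",
}
LEGACY_BRANDS = ("symantec", "thawte", "geotrust")  # the PKI being distrusted
Cert = namedtuple("Cert", "subject issuer")  # common names, as a TLS scanner extracts them

def build_chain(leaf, pool):
    """Walk leaf -> ... -> self-signed root by issuer/subject name; fail on a missing issuer or a loop."""
    chain, cur = [leaf], leaf
    while cur.subject != cur.issuer:
        cur = next((c for c in pool if c.subject == cur.issuer), None)
        if cur is None:
            raise ValueError(f"no certificate found for issuer {chain[-1].issuer!r}")
        if len(chain) >= len(pool):  # cross-signed pairs can send a naive walk in circles
            raise ValueError("issuer loop detected")
        chain.append(cur)
    return chain

def classify(chain):
    """Name the PKI a complete chain belongs to, judged by its root and its issuers."""
    root = chain[-1].subject
    if root in NEW_ROOTS:
        return "new DigiCert PKI: " + NEW_ROOTS[root]
    if any(b in c.issuer.lower() for c in chain for b in LEGACY_BRANDS):
        return "legacy Symantec PKI"
    return "other PKI"

def chrome_firefox_status(chain, on):
    """Notice schedule for legacy chains: alerts, gradual rejection from March 2018, total from December 2018."""
    on = date.fromisoformat(on)  # ISO date string, e.g. "2018-06-01"
    if classify(chain) != "legacy Symantec PKI":
        return "trusted"
    if on >= date(2018, 12, 1):
        return "rejected"
    return "gradually rejected" if on >= date(2018, 3, 1) else "security alert"

POOL = [  # constructed sample pool holding two chains, deliberately out of order
    Cert("www.example.net", "Test Intermediate G2 (constructed)"),
    Cert("Symantec Test Intermediate (constructed)", "Symantec Test Root (constructed)"),
    Cert("DigiCert Global Root G2", "DigiCert Global Root G2"),
    Cert("www.example.com", "Symantec Test Intermediate (constructed)"),
    Cert("Test Intermediate G2 (constructed)", "DigiCert Global Root G2"),
    Cert("Symantec Test Root (constructed)", "Symantec Test Root (constructed)"),
]
```

Feeding it the subject/issuer pairs of a real served chain shows at a glance whether a host is still anchored in the Symantec PKI and therefore needs reissuing before the rejection dates.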

Which products are concerned?

All server certificates issued by Symantec, Thawte and GeoTrust.
