Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


20230117 - End of use of DigiCert G1 intermediate and root certificates

As of March 8, 2023 all SSL certificates issued by the DigiCert Group (DigiCert, Thawte, Geotrust, RapidSSL) will be using second-generation (G2) hierarchies.

The use of G5 chains has been postponed.

Why?

This decision is a direct consequence of the new Mozilla roots management policy that stipulates a maximum period for the use of root certificates.

As of 2025, Mozilla will begin distrusting older root certificates including DigiCert ones.

The final entity certificates issued on those hierarchies won't be recognized on Mozilla tools anymore.

What consequence for your certificates?

For currently valid certificates: none.

For the certificates issued after March 8, 2023: even if the G2 hierarchies are widely distributed, there might be an impact on their recognition.

You may encounter issues as well if you hard-coded the acceptance of ICA/Root certificates or operate a trust store.

In those cases you'll have to update your environment before March 8, 2023.

Alternative solutions

It will remain possible to obtain certificates issued on the G1 hierarchies for a few months by selecting the SHA1 hierarchy on the order forms.

It will also be possible to use a G5 hierarchy right away (G5 chains will eventually replace the G2 ones). Such requests will have to be submitted beforehand to our customer service and will be handled on a case-by-case basis.

The new roots

The following table indicates the G2 certificates that will replace the one currently used by your certificates:

Kind of certificate Current G1 intermediate certificate Current G1 root certificate New G2 intermediate certificate New G2 root certificate
DigiCert DigiCert TLS RSA SHA256 2020 CA1 DigiCert Global Root CA DigiCert Global G2 TLS RSA SHA256 2020 CA1 DigiCert Global Root G2
DigiCert EV DigiCert SHA2 Extended Validation Server CA DigiCert High Assurance EV Root CA DigiCert EV RSA CA G2 DigiCert Global Root G2
Thawte Thawte RSA CA 2018 DigiCert Global Root CA Thawte TLS RSA CA G1 DigiCert Global Root G2
Thawte EV Thawte EV RSA CA 2018 DigiCert High Assurance EV Root CA Thawte EV RSA CA G2 DigiCert Global Root G2
GeoTrust GeoTrust RSA CA 2018 DigiCert Global Root CA GeoTrust TLS RSA CA G1 DigiCert Global Root G2
GeoTrust GeoTrust Global TLS RSA4096 SHA256 2022 CA1 DigiCert Global Root CA GeoTrust TLS RSA CA G1 DigiCert Global Root G2
GeoTrust EV GeoTrust EV RSA CA 2018 DigiCert High Assurance EV Root CA GeoTrust EV RSA CA G2 DigiCert Global Root G2
RapidSSL RapidSSL Global TLS RSA4096 SHA256 2022 CA1 DigiCert Global Root CA RapidSSL TLS RSA CA G1 DigiCert Global Root G2

Useful links