Steamline Process to Get Reissue or Replace Your Symantec SSL Certificate
As of October 31, 2017, DigiCert, Inc. has officially acquired Symantec’s Certificate Authority business. This move didn’t come as a surprise considering Google’s plans to distrust the SSL/TLS certificates of Symantec and its subsidiary CAs, namely GeoTrust, RapidSSL, and Thawte in Chrome, the most famous browser in the world.
This distrust has been divided into two parts by Google depending upon the issuance date. The first phase will begin with the launch of Chrome 66, expected to be released in March 2018. And the second part in October 2018, with the launch of Chrome 70.
To avoid this distrust and security warnings, existing customers of Symantec, GeoTrust, RapidSSL, and Thawte will need to reissue/replace their certificates from DigiCert’s infrastructure before the deadlines.
Here is the timeline of Google’s plans:
- December 1, 2017: As of this date, Google has required that TLS certificates no longer be issued by Symantec roots, but must be issued by another CA. As of December 1, DigiCert will be issuing all certificates for Website Security customers. This date does not mandate any immediate certificate changes, but officially transfers validation and issuance of Symantec certificates to DigiCert systems. From this date forward, Symantec customers can begin to request free replacement certificates. These replacement certificates will be valid through the issuance to the end of the certificate validity period.
- ~March 15, 2018: Chrome beta will distrust certificates issued by Symantec before June 1, 2016. The public release of Chrome is expected on April 17, 2018.
- ~September 13, 2018: Chrome beta will distrust all certificates issued by Symantec. The public release of Chrome is expected in mid-October of 2018.
Now you must be wondering: “Do I need to reissue my SSL certificate? When do I need to renew my certificate?” Well, let us put in simple terms. Here’s all you need to know:
- If your certificate was issued before June 1, 2016, you’d need to reissue/replace your certificate before March 15, 2018.
- If your certificate was issued after June 1, 2016, and before December 1, 2017, you’ll need to reissue/replace your certificate before September 13, 2018.
- And if your issuance date is after December 1, 2017, you don’t need to reissue your certificate.
Here’s a picture to make the picture clearer:
Now that you know when to reissue your certificate, you must have some questions regarding the renewal process. Let us answer them for you.
Do I need to pay any charges for reissuance?
No. The reissuance is entirely free.
I issued a certificate from GeoTrust/RapidSSL/Thawte. Am I eligible for the reissuance?
Yes, totally. In case you are not sure whether your certificate is eligible for reissuance or not? You could check your certificate through Symantec SSL/TLS Certificate reissue checker tool. Simply add your domain name and click “Check Now” button and see the result.
Do I need to undergo the vetting process if I have OV/EV certificate?
Yes, you’ll need to. As your “new” certificate will have to be issued from DigiCert’s infrastructure, they will need to verify your details.
How good is DigiCert?
Pretty good we’d say. DigiCert has established itself as the premium provider of high-assurance digital certificates. When it comes to the validation process, DigiCert comes second to none thanks to its super-efficient PKI infrastructure. Where it takes days for other CAs to issue certificates, DigiCert does this in minutes.
How to Reissue?
If you’re one of our existing customers, follow the steps given in this link to for a seamless reissuance experience.
If you’re not one of our customers, you either need to contact your vendor or do it directly by going to your CA portal. Here are the links:
If you have even the slightest of doubts or concerns, contact our ever-available, friendly team of SSL experts.