DigiCert Inc., the leading global provider of scalable identity and encryption solutions for the enterprise, has announced significant milestones in the process of integrating and transitioning customers of Symantec’s Website Security and related PKI solutions business onto trusted DigiCert roots.
Since meeting browser requirements on Dec. 1, 2017 for DigiCert issuance of Symantec, Thawte, GeoTrust and RapidSSL certificates, DigiCert has issued millions of SSL certificates, including many new and replacement ones for affected Symantec customers. One of the major pre-requisites for issuing certificates is validating these organisations’ identities to assure user security. To-date, more than 75% of enterprises and the majority of SMB customers have completed this process, facilitating a faster issuance process moving forward.
DigiCert acquired Symantec’s Website Security business and related PKI solutions in late 2017, which elevated DigiCert to the position of the Industry’s largest Certificate Authority (CA) for enterprise and SMBs and the world’s leading provider of TLS, Code Signing, IoT and other PKI solutions. Prior to the deal, Google Chrome created a plan to gradually remove trust through security warnings in its Chrome browser of all Symantec and sub-branded Thawte, GeoTrust and RapidSSL-issued SSL/TLS certificates. DigiCert has since worked to fulfil browser requirements and provide a path for continued trust for Symantec customers.
“DigiCert has taken the necessary steps to address the needs of the browser community and is operating a program to simplify certificate issuance from trusted roots that allows Symantec certificate holders to continue their security operations with the fewest impacts,” explained Jeremy Rowley, EVP of Product for DigiCert.
The migration away from Symantec roots has been a significant undertaking because of the short time frame and volume of certificates, which coincides with the release of Google Chrome 66 beta on March 15, to be followed by the general, or ‘stable’, release of Chrome 66 in April.
“Any time you have a migration of this size, which is unprecedented in the CA industry, there are bound to be a few bugs and some lessons learned,” said Rowley, “Our top priority remains helping customers make a successful transition ahead of the browser timelines while our longer-term strategy is to add DigiCert’s modern technology and industry leadership to Symantec’s global scale to provide our partners and customers with the most robust, reliable and trusted end-to-end service.”
DigiCert provides the easiest path for Symantec-brand certificate holders to replace their certificates before they become distrusted by Chrome. While DigiCert has replaced Symantec back-end architecture to meet browser requirements, it has been able to keep in place front-end systems so that affected customers can replace these certificates for free through their existing portals – similarly to how they would renew an expiring certificate.
“There is no need to learn new systems, work with new account representatives and worry about negotiating new contracts,” said Rowley, “We have grown our support and validation team and undergone additional training so they can help customers and partners with questions they have as they replace affected Symantec-issued certificates.”
In Europe, DigiCert has over 100 staff working to help streamline the transition process for customers of all sizes, including the leading banking, retail, automotive and other companies across Europe.
In addition to updates in the DigiCert and Symantec certificate management portals to provide guidance on the transition programme, DigiCert teams in Europe have directly contacted partners and customers to explain how the process will take place and provide any technical assistance as needed. DigiCert has also created a simple tool that allows any customer to quickly check if a website is impacted by the Symantec root deprecation timelines simply by entering their domain name.
Commenting on the growth of DigiCert in Europe and the Symantec transition project, Rik Turner, Analyst for Ovum said, “DigiCert has addressed the Symantec trust issue, in which Google Chrome and Mozilla Firefox will distrust the latter’s certificates starting in April for Chrome and May for Firefox and is moving to help affected customers. Having acquired the Symantec certificate business last year, it is now facilitating certificate holders’ migration to its own trusted roots, with Europe as much a focus for this activity as North America. Additionally, DigiCert plans to bring SSL and PKI innovations to European customers moving forward.”
“As a global leader, we are committed to continually improving our infrastructure and processes to deliver the highest level of trust and innovative solutions for our customers,” said Rowley. “This transition project is just part of our longer-term goal to accelerate innovation of SSL/TLS and related PKI solutions, including simplifying certificate management for modern web and IoT security.”