Alibaba Cloud to replace its SSL root certificate with DigiCert on Feb 10, 2026. The new certificate is compatible with most environments, but some endpoints require an intermediate certificate update. - Certificate Management Service

Dear Alibaba Cloud user,

To improve the service quality and security of Certificate Management Service, Alibaba Cloud will update the root Certificate Authority (CA) for Alibaba Cloud-branded SSL certificates from GlobalSign to DigiCert, effective February 10, 2026. While this update will not affect most scenarios, specific terminal environments may require intermediate certificate updates to ensure continued compatibility.

Update time

Starting February 10, 2026, all newly issued Alibaba Cloud-branded SSL certificates will be signed using the new DigiCert root and intermediate certificates.

Impact

SSL certificate pricing adjustments

Effective February 13, 2026, pricing for selected Alibaba Cloud certificates will be updated as follows:

DV single-domain certificates: Reduced from USD 99 to USD 75.
DV wildcard certificates: Adjusted from USD 199 to USD 300.

Certificates issued before February 10, 2026

Existing certificates remain valid and functional until their expiration. No action is required.

Certificates issued on or after February 10, 2026

Action dependent on your application environment.

Scenario A: No action required (automatic compatibility)

The new DigiCert root and cross-root certificates are pre-integrated into mainstream environments. Connections will remain seamless for:

Standard PC browsers.
Mini-program services.
Mainstream operating systems (Windows, macOS, Linux).
Modern mobile devices (iOS, Android) and standard JDK environments.

Scenario B: Manual update required

Manual intervention is required if your certificates are used in restricted or customized environments:

Mobile apps: Using certificate pinning.
IoT endpoints: Embedded devices with restricted truststores.
Non-PC browser environments: Specialized client software or legacy systems.
Java clients: Using custom truststores (such as specific cacerts files).

Required actions for scenario B

In the environments listed above, the pre-installed Alibaba Cloud root certificates must be updated to ensure HTTPS connection stability. Please choose one of the following methods:

Replace intermediate certificates: Download and install the new intermediate certificates for your certificate type.
Configure system truststore: Switch from a hardcoded certificate to the system's default truststore for automatic validation.

Intermediate certificate downloads

Download the corresponding intermediate certificates (CER format) based on your certificate type:

RSA certificates:

Aliyun RSA TLS DV G1.cer - Domain Validated (DV)
Aliyun RSA TLS OV G1.cer - Organization Validated (OV)

ECC certificates:

Aliyun ECC TLS DV G1.cer - DV
Aliyun ECC TLS OV G1.cer - OV

Support

If you have any questions, please contact your account manager. Thank you for your continued understanding and support.