Dear Alibaba Cloud users,
The trust library of Mozilla updated its root certificate trust policy, requiring that global certificate authorities (CAs) replace their root certificates at least once every 15 years after the root certificates are generated. Root certificates exceeding this period of time become untrusted by Mozilla. Starting December 1, 2024, DigiCert gradually uses new intermediate and root certificates to issue SSL certificates.
Impacts
Certificates issued before December 1, 2024 are not affected.
Certificates issued after December 1, 2024 and whose root certificates are not preconfigured for clients such as apps and IoT terminals are affected. You can download and replace the latest root certificates or use the default trust library to implement verification.
DigiCert Global Root G2 is released to replace DigiCert Global Root G1, and cross-signing is complete. DigiCert Global Root G2 is compatible with mainstream operating systems, mobile devices, and Java Development Kits (JDKs).
DigiCert Global Root G2 uses the Secure Hash Algorithm (SHA)-256 algorithm, which enhances security.
If you have any questions, contact your account manager.
Thank you for your support.
Details
Affected root certificates
Original root certificate | Time when Mozilla trust is lost | Impact scope | New root certificate |
Baltimore CyberTrust Root | April 15, 2025 (The root certificate expires on May 15, 2025.) | Cross certificates used to ensure compatibility | DigiCert Global Root G2 |
DigiCert Global Root CA | April 15, 2026 | DigiCert domain validated (DV) and organization validated (OV) SSL certificates | DigiCert Global Root G2 |
DigiCert High Assurance EV Root CA | April 15, 2026 | DigiCert extended validation (EV) SSL certificates | DigiCert Global Root G2 |
DigiCert Global Root G2 | April 15, 2029 | Enabled on March 8, 2023 to issue new DigiCert SSL certificates | N/A |