Certificate Management Service: [Announcement] Update of DigiCert root certificates

Last Updated: Sep 20, 2023

Dear Alibaba Cloud users,

Mozilla has updated its trust policy for root certificates. The new policy requires every certificate authority (CA) worldwide to replace its root certificates at least once every 15 years from creation. Root certificates that are not replaced within 15 years of creation gradually lose Mozilla's trust. Starting in the middle of March 2023, DigiCert is gradually updating some existing root certificates to DigiCert Global Root G2.

Update details

Involved root certificates

| Original root certificate | Time when Mozilla trust is lost | Impact scope | New root certificate |
| --- | --- | --- | --- |
| Baltimore CyberTrust Root | April 15, 2025 (The root certificate expires on May 15, 2025.) | Cross certificates used to ensure compatibility | DigiCert Global Root G2 |
| DigiCert Global Root CA | April 15, 2026 | DigiCert domain validated (DV) and organization validated (OV) certificates | DigiCert Global Root G2 |
| DigiCert High Assurance EV Root CA | April 15, 2026 | DigiCert extended validation (EV) certificates | DigiCert Global Root G2 |

Involved DV certificate chains

| Certificate brand | Original intermediate certificate | Original root certificate | New intermediate certificate | New root certificate |
| --- | --- | --- | --- | --- |
| GeoTrust and RapidSSL | RapidSSL Global TLS RSA4096 SHA256 2022 CA1 | DigiCert Global Root CA | RapidSSL TLS RSA CA G1 | DigiCert Global Root G2 |
| DigiCert | Encryption Everywhere DV TLS CA - G1 | DigiCert Global Root CA | Encryption Everywhere DV TLS CA - G2 | DigiCert Global Root G2 |

Update impact

  • DigiCert Global Root G2 uses the SHA-256 signature algorithm, which helps improve security.

  • Certificates issued before the middle of March 2023 are not affected. From the middle of March 2023, DigiCert, GeoTrust, and RapidSSL certificates are issued by using the new root and intermediate certificates.

  • The new root system is compatible with mainstream operating systems and mobile devices.

  • Clients that ship with preconfigured root certificates, such as apps and IoT terminals, are affected. We recommend that you use the default trust store to perform certificate verification in this scenario.

If you have questions, contact your account manager.

Thank you for your support.