Symantec and DigiCert Acquisition FAQs
As industry leaders, we’ve been exposed to major acquisitions in the past and can anticipate many of the common questions our customers ask. Our SSL specialists put together the follow questions and answers to help customers quickly make sense of all this wonderful industry news. If you still have questions, our SSL specialists are available 24/7/365 via email, live chat, and telephone.
1. When did Symantec & DigiCert complete the acquisition?
On October 31, 2017, DigiCert, Inc. completed the acquisition of the Symantec Corp. Certificate Authority business, which includes all website security assets related to SSL & PKI (GeoTrust, Thawte, RapidSSL) for $950 million in cash and a 30% stake in common stock equity.
2. What does Trust The Site think of this acquisition?
This is great news!!! The acquisition of Symantec’s SSL business is absolutely the best-case scenario for the entire SSL community. This is by far the quickest way to enhance the SSL ecosystem, improve product offerings, increase efficiencies, provide better support and superior validation practices that are safe, secure, and most of all, trusted by the browser community unequivocally. DigiCert has announced its new PKI system will be implemented by December 1, 2017 to ensure all newly issued certificates are compatible will all browsers going forward.
3. What benefits will I gain from this acquisition?
DigiCert is best known for being speedy, reliable, and efficient, specifically when it comes to exceptional customer support and fast certificate issuance. Now Symantec customers will experience this level of service in addition to industry-leading OCSP response times. In the coming months, Symantec customers will gain access to the full line of DigiCert products to complement those that you have enjoyed from Symantec. These include DigiCert’s SSL and private PKI services, leading PKI-based solutions for IoT device security, and an award-winning certificate management platform.
4. Does the acquisition resolve the Symantec compliance issues with the browsers?
Per a recent DigiCert Announcement: “Since announcing the acquisition, DigiCert has actively engaged with the security community to explore paths that address browser concerns about Symantec-issued certificates while balancing the TLS implementations currently deployed. This plan is close to completion and will minimize impacts, allowing customers to continue securing their transactions. Symantec-issued certificates impacted by the browser timelines will need to be replaced. These will be replaced at no cost to customers at the appropriate time, and we’ll work to ensure a smooth process. More information will be forthcoming for affected parties.”
5. Will reseller or enterprise partners notice any significant changes in the program?
Yes, you will see improvements over time. Partners can expect new web security solutions, faster issuance times from vendors, and better response time from the Certificate Authority. As always, Trust The Site will proactively inform partners about any improvements within the respective program(s).
6. Will the Encryption Everywhere program continue under DigiCert?
Yes. Strategic web hosting partners of Trust The Site can continue enjoying the Encryption Everywhere program and everything it has to offer.
7. Will the Norton Shopping Guarantee program continue under DigiCert?
Yes, enterprise partners will continue using their existing MPKI solutions from Symantec. The move to a more innovative, next-gen platform is scheduled for early 2018 and may require an API update to the new servicing URL. Trust The Site will communicate changes as they arise and will ensure any changes are seamless for your business.
8. Will partners need to update their integration option (i.e. API, plugin, module) with Trust The Site to accommodate this acquisition?
No. Partners may continue using our API, plugins, storefronts, etc. as normal. However, if any improvements are developed by Trust The Site partners will be notified respectively in separate announcements.
9. Will partner contracts and day-to-day functions be impacted by the DigiCert acquisition?
No. All contracts, prepaid funds, credit terms, account balances, pricing, etc. with Trust The Site will remain the same today. You will experience no change in account managers, support managers, or lines of communications with our Customer Experience Department.
10. Will the Norton Shopping Guarantee program continue under DigiCert?
Yes. eCommerce website owners can still benefit from this conversion optimization program.
11. Will any product features change with Symantec, GeoTrust, Thawte, and RapidSSL certificates?
Yes. These brands will soon have new, fully trusted CA root certificates that will allow customers to continue securing all internet traffic with confidence. Trust The Site will automatically provide all customers with the correct certificate files after issuance of new, renewed, or reissued certificates.
12. Will the process of purchasing Symantec certificates change in your account?
No. You can still purchase and benefit from the premium features of Symantec-issued certificates as normal.
13. Can you continue managing previously purchased Symantec certificates?
Yes. You still have access to manage all certificates details within your control panel.
14. Will Symantec certificates remain valid until their expiration dates?
It depends. The certificate itself will remain valid until expiration, however, browsers need all customers to replace existing Symantec-issued certificates before certain dates in 2018. The date when customers should replace their existing certificates is all dependent on the original issue date, expiration date, and browser timeline. All existing certificates impacted by the 2018 browser dates will receive instructions by Trust The Site on how to replacement certificates for the remaining validity period at no cost to them.
Learn more about the dates that influence certificate replacements here.
15. Will Symantec SSL/TLS certificates continue to work after the acquisition?
Yes, this business deal between Symantec and DigiCert has no impact on your certificates’ validity periods. Unless impacted by the 2018 browser dates, all Symantec issued certificates will remain valid until their expiry date.
16. Has the process of ordering and managing my Symantec certificates changed?
No. You can continue procuring and managing certificates within your control panel like usual. We already did the heavy lifting to ensure you have a smooth transition.
17. Will the validation process change in the near future?
Yes. DigiCert is known for its highly refined validation process, which means customers may experience faster verification times. Although all Symantec workflows may be supported initially, DigiCert plans to implement changes as necessary to support existing needs. Trust The Site will update validation documentation, support material, and customer notifications once additional details are provided by DigiCert.
18. Any changes for code signing customers?
No. You can continue securing applications like nothing ever happened. If anything changes Trust The Site will let you know.
19. What is happening with the trusted site seals (i.e. Norton Secured Seal)?
Any seal issued by Symantec will continue to work and remain valid until certificate expiration. Any changes will be communicated by Trust The Site.
20. What will happen with the Root CA Certificate Hierarchies?
Browsers will slowly phase out existing Symantec root certificates over the next year. DigiCert has already begun cross-signing certain roots with the older Symantec roots to provide a wide ubiquity. Any customers impacted by this process will receive step-by-step instructions from Trust The Site on how to seamlessly resolve any issues within the least amount of time. Customers relying on a specific Symantec root should contact Trust The Site immediately for assistance with the transition.
21. Will DigiCert change the Root structure?
Yes, but not immediately. DigiCert plans to create new roots that are cross-signed by the existing Symantec roots. These new roots will be embedded in browsers, providing a seamless transition for most customers. Customers with pinned intermediates or roots should contact Trust The Site immediately for assistance.
Reissue Details (Next Steps)
22. Do customers need to replace their existing Symantec-issued certificates?
Yes. Depending on the original issue date and expiration date, customers will need to reissue/replace impacted certificates before March 2018 or September 2018. Please refer to the instructions sent by Trust The Site on how to effectively and efficiently replace your certificates.
23. What are the important dates to replace existing Symantec-issued certificates to continue browser trust?
- If the certificate issue date is before June 1, 2016 and expires before September 13, 2018, customers can begin reissuing them today through March 15, 2018.
- If the certificate issue date is before June 1, 2016 and expires after September 13, 2018, customers should reissue or renew them between December 1, 2017 through March 15, 2018.
- If the certificate issue date is after June 1, 2016 and expires after September 13, 2018, customers should reissue or renew them between December 1, 2017 through September 13, 2018.
24. Does replacing SSL certificates cost any additional fees?
No. There is no cost in reissuing/replacing certificates. However, if your certificate is within 90 days of expiration, customers should renew the certificate instead to avoid replacing the certificate twice.
25. Do customers need to generate a new CSR & private key?
No. You can use the previously generated key pair only if the RSA private key is saved in a secure location. If the private key is lost or inaccessible, customers should generate a new CSR and private key on their web server (recommended) or by using an online tool.
26. Can customers switch domain validation methods during reissuance?
It depends. If the original method was File/DNS Authentication, customers can contact support to switch to email based authentication. The email method will allow you to use the WHOIS email or one of 5 pre-approved alias addresses (admin@, administrator@, webmaster@, hostmaster@, and postmaster@).
27 Do OV SSL customers need to re-validate their business details during reissuance?
Yes. After December 1, 2017, all business details related to the certificate will be validated again by DigiCert.
28. Do EV SSL customers need to re-validate their business details during reissuance?
Yes. After December 1, 2017, all business details related to the certificate will be validated again by DigiCert.
29. Can Symantec re-use previously validated business details after December 1, 2017?
No. All business details related to the certificate will be validated again by DigiCert.
30. Do customers have to install the re-issued SSL Certificate by DigiCert?
Yes. You need to install/configure the certificate again on your web server, application, or device to properly update the certificate files. For assistance, contact our friendly SSL specialists.
31. Does the certificate expiration date change during reissuance?
No. The expiration date will not change. The reissue process simply allows customers to receive a new copy of the original certificate for free.