DigiCert’s Commitment to Keeping the Public Trust

Jeremy Rowley
Oct 31, 2017

During a recent interview, I was asked “could you have picked a worse time to acquire Symantec’s Website Security business?” The interviewer was joking, but I understood the point. Not only are cyberattacks constantly growing in number and sophistication, but the debate within the browser community about trust in the Symantec certificates created uncertainty about the industry. Others questioned if DigiCert could handle the scale of Symantec’s operations.

We started preparing for this transaction a couple of years ago when we worked towards scaling our infrastructure for the huge increase in certificate usage brought on by the Internet of Things. Although we didn’t foresee purchasing Symantec’s Website Security business at that time, focusing on scale and operations ensured we could manage the increased load.

Now that we’ve closed, the fun starts. Our first task is to ensure all Symantec and DigiCert customers continue to receive the same high-quality services they are used to. This includes integration of the systems and consolidation of the different platforms. Some of this work already happened as Symantec previously selected DigiCert to operate the Sub CA under the browser requirements. This work has prepared our systems and Symantec’s for a smooth integration. Now that the acquisition is closed and we can communicate more openly, we plan to expand our engagement with the security community to explore paths that address concerns about Symantec-issued certificates and balance the TLS implementations currently deployed.

The processes we are working on will meet the milestones set forth by the browsers, including:

· Migrating the Symantec back-end to DigiCert’s infrastructure to ensure we can replace Symantec certificates impacted by the browsers’ Symantec root distrust schedules as early as Dec. 1, 2017.

· Creating a path for a new root structure and cross-signing intermediates in a way that allows for continued ubiquitous trust, while aligning to browser schedules for deprecating through fall 2018.

· Replacing the Symantec validation processes and aligning them with DigiCert, and training DigiCert’s staff.

· Preparing to start replacing (at no cost) Symantec-issued certificates affected by browser requirements beginning as early as Dec. 1, 2017 and through fall 2018.

We will communicate early with those impacted and offer the 24/7 availability of our global support team to help all customers with the process.

Put simply, the transition of SSL validation, issuance and other processes to DigiCert provides Symantec customers with a clear path forward on how to maintain trust in their SSL certificates. Symantec customers can be confident that they will have continuity in their website security.

After we complete the validation and issuing migration to DigiCert, we want to simplify our tools and platforms, largely by consolidating into a uniform user experience. Post-close, we will inherit multiple platforms that operate differently on various pieces of infrastructure. This requires multiple changes when industry standards are updated. Our goal is to provide all customers with one uniform experience without impacting how people use their certificates. The new platform will reduce the number of entry points into the system, funneling all customers into a single validation and issuing system.

We are keen to complete the migration and get back to our passion — improving Internet security. The Symantec acquisition is bringing over many talented people who have spent much of their careers working on advancing SSL/TLS/PKI. Their talent, combined with the existing DigiCert team, will help fuel innovation and industry leadership. During the migration, we will continue to dedicate resources to new ideas and technologies that will help keep Internet users secure.

Simplifying the platforms will also free up talent to meet our third key objective: expanding upon DigiCert’s participation in industry groups and working on industry standards. Quite simply, we love PKI and talking about it. This acquisition will give us more resources to expand our already-active leadership in various groups. We will seek to live up to our charge of being a global leader in trusted PKI-based authentication and encryption solutions for the web and IoT.

Over the years, we’ve worked with the technology community to define how interoperable online trust models work. We take an active leadership role with industry standards including the CA/Browser Forum, Online Trust Alliance, ICANN and Wi-Fi Alliance. We stretch ourselves to participate wherever possible. With this acquisition, we will have a presence at more conferences and industry events, and we welcome the opportunity to take an even more active role in advancing education on the important role certificates play in securing all types of communications.

We feel accountable for the trust placed in us by our customers, partners and the security community. We greatly appreciate the patience our customers and partners have shown us, and are excited for the opportunity ahead. We have always been customer-focused and collaborative with the security community, and will continue to provide transparency about the work we’re doing on the front- and back-ends. DigiCert has the resources, the capabilities and the infrastructure to handle the scale of our new operations and build on the trust we have established with our customers. We look forward to offering Symantec customers the things they loved most about working with Website Security, alongside DigiCert’s focus on people and operational excellence that has helped us build a strong, loyal customer base.

Jeremy

Jeremy Rowley

Jeremy Rowley leads DigiCert’s product management teams and participates in various industry standard groups.