With DigiCert’s completed acquisition of Symantec’s Website Security business we will be updating our Code Signing public trust chains to modernize and streamline our Code Signing offerings.
All development, validation environments with hard-coded PKI hierarchies must be updated with the new chain.
These changes will apply to all code-signing products (MSFT Authenticode, Oracle Java, MSFT Office & VBA, Adobe Air and Extended validation).
There is no impact to existing code-signing certificates or the validity of signed files, whether timestamped or otherwise. We expect to issue all new code signing certificates from DigiCert’s hierarchy and infrastructure starting April 2018.
For information on changes to the Code Signing public trust chains please refer to the knowledge base article: New PKI Trust Chain for Code Signing
Please check as soon as possible for system dependences, or hard-coded Symantec/Thawte roots to processes and modify accordingly to trust new certificates.
· Consolidating and streamlining Symantec and Thawte’s PKI chain will improve both security and compliance going forward.
· This includes consolidating legacy resources, vetting and issuance systems acquired from Symantec’s Website Security business.
· No. The changes only apply to all new, renewed or reissued certificates enrolled after the dates stated above.
· Certificates using the current hierarchy are still valid and will continue to work until they expire.
· Yes. We will update our existing services with the DigiCert signer to remove dependency on legacy services, or transition them to DigiCert services.
· This is a parallel project which should not affect channel partners or customers.
· The dates or plans for this is not finalized.