Knowledge Base

Description

On 8 March 2023, at 05:00 MST (12:00 UTC), the following DigiCert Intermediate Certificate Authority (ICA) certificates expired:

• DigiCert Secure Server CA—Serial # 069e1db77fcf1dfba97af5e5c9a24037
• DigiCert SHA2 Secure Server CA—Serial # 01fda3eb6eca75c888438b724bcfbc91
• DigiCert ECC Secure Server CA—Serial # 0acb28ba465ee53908767470f3cdc612

We’ve been informed that some customers are experiencing a certificate expired error message due to expired ICA certificates. DigiCert previously communicated planned ICA replacement plans for expiring ICAs to our customers.

Replacement ICA certificates

What can I do?

Do you pin or hard code certificate trust?

• No, I do not.
  
  Clear Caches on your servers.
  
  
• Yes, I practice pinning or hard code certificate trust.
   
  
  • Update pinning/code: If you have pinned certificates by the Subject name/Serial number/Thumbprint, you will need to update the pinning information with the new certificates' Subject name/Serial number/Thumbprint.
  • Stop pinning/hard-coding trust: DigiCert recommends you stop pinning/hard-coding certificate trust due to operational risks. See our blog, Stop Certificate Pinning.