DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

Advisory: 8 March 2023 Intermediate Certificate Authorities (ICA) certificates expired

Solution ID : AL090323135305
Last Modified : 10/21/2023


On 8 March 2023, at 05:00 MST (12:00 UTC), the following DigiCert Intermediate Certificate Authority (ICA) certificates expired:

  • DigiCert Secure Server CA—Serial # 069e1db77fcf1dfba97af5e5c9a24037
  • DigiCert SHA2 Secure Server CA—Serial # 01fda3eb6eca75c888438b724bcfbc91
  • DigiCert ECC Secure Server CA—Serial # 0acb28ba465ee53908767470f3cdc612

We’ve been informed that some customers are experiencing a certificate expired error message due to expired ICA certificates. DigiCert previously communicated planned ICA replacement plans for expiring ICAs to our customers.

Replacement ICA certificates

Expired ICA certificate New ICA New ICA serial #  Download Links 
DigiCert SHA2 Secure  Server CA DigiCert SHA2 Secure Server CA 02742eaa17ca8e21c717bb1ffcfd0ca0

Download PEM |

Download DER/CRT

DigiCert Secure Server CA DigiCert TLS RSA SHA256 2020 CA1 06d8d904d5584346f68a2fa754227ec4

Download PEM |

Download DER/CRT

DigiCert ECC Secure Server CA DigiCert TLS Hybrid ECC SHA384 2020 CA 07f2f35c87a877af7aefe947993525bd

Download PEM |

Download DER/CRT

 For more details, see our knowledge base article, DigiCert ICA Update, in the November 2020 ICA Replacements table.

What can I do?

Do you pin or hard code certificate trust?

  • No, I do not.

    Clear Caches on your servers.

  • Yes, I practice pinning or hard code certificate trust.
    • Update pinning/code: If you have pinned certificates by the Subject name/Serial number/Thumbprint, you will need to update the pinning information with the new certificates' Subject name/Serial number/Thumbprint.
    • Stop pinning/hard-coding trust: DigiCert recommends you stop pinning/hard-coding certificate trust due to operational risks. See our blog, Stop Certificate Pinning.