DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

DigiCert Certificate Status IP Addresses

Solution ID : ALERT19
Last Modified : 04/30/2024


This page contains the DigiCert dedicated IP addresses for DigiCert Online Certificate Status Protocol (OCSP), Certificate Revocation List (CRL), and a few other DigiCert services. 

How do these IP addresses affect my digital certificate environment?

DigiCert certificate status IPv4 addresses

DigiCert certificate status IPv6 addresses

On July 30, 2024, at 10:00 MDT (16:00 UTC), DigiCert will assign new dedicated IPv6 addresses to our Online Certificate Status Protocol (OCSP), Certificate Revocation List (CRL), and a few other DigiCert services.

If your company uses allowlists and supports or plans to support IPv6 addresses, you need to update your firewalls to allow outbound connectivity to the IPv6 addresses. See DigiCert certificate status IPv6 addresses below.

 

How do these IP addresses affect my digital certificate environment?

Do you have DigiCert certificates? Do you use allowlists to control inbound and outbound connectivity to your environment?

Then, check the tables below and add the necessary IP addresses (IPv4 and IPv6) to your allowlist. You must allow outbound connectivity to these addresses to verify if a certificate should be trusted.

OCSP and CRL distribution endpoints using any of the following subdomains do not use the IPv4 or IPv6 addresses in the tables below: 

  • one.digicert.com
  • one.nl.digicert.com
  • one.ch.digicert.com
  • ​one.digicert.co.jp
  • one.oracle.digicert.com.


What are OCSPs and CRLs used for?

Your applications and browsers call one of our OCSP or CRL endpoints to learn the revocation status of a DigiCert certificate, such as a TLS or code signing certificate.

  • If the certificate is not listed in the CRL and the OCSP status is good, you can trust it to protect the website or verify the code it signed.
  • If the certificate has been revoked, you should no longer trust it to protect the website or verify the code it signed.


DigiCert certificate status IPv4 addresses

Most of the IPv4 addresses are for the DigiCert OCSPs and CRLs. However, we have included some additional PKI Platform 8 services in the table.

Service URL IPv4 addresses
CertCentral Global OCSPs
  • ocsp.digicert.com
  • status.thawte.com
  • status.geotrust.com
  • status.rapidssl.com
  • kr.ocsp.digicert.com
  • ocsp.digicert-cn.com
  • ocsp.edge.digicert.com
  • ocsp.omniroot.com
  • ocsp1.digicert.com
  • ocsp2.digicert.com
  • ocspx.digicert.com
  • statusd.digitalcertvalidation.com
  • statuse.digitalcertvalidation.com
  • statusf.digitalcertvalidation.com
  • statush.digitalcertvalidation.com
  • www.public-trust.com
  • 192.229.211.108
  • 192.229.221.95
  • 152.195.38.76
  • 192.16.49.85
CertCentral Global CRLs
  • crl3.digicert.com
  • crl4.digicert.com
  • cdp.thawte.com
  • cdp.geotrust.com
  • cdp.rapidssl.com
  • cdp1.digicert.com
  • cdp1.public-trust.com
  • cdp2.digicert.com
  • cdph.digitalcertvalidation.com
  • crl.digicert-cn.com­­
  • crl.edge.digicert.com
  • crl.pki.abb.com
  • www.public-trust.com
  • 192.229.211.108
  • 192.229.221.95
  • 152.195.38.76
  • 192.16.49.85
CertCentral Europe OCSPs
  • ocsp.digicert.eu
  • 192.229.211.153
  • 192.229.221.140
  • 152.195.35.161
  • 192.16.48.236
CertCentral Europe CRLs
  • crl.digicert.eu
  • 192.229.211.153
  • 192.229.221.140
  • 152.195.35.161
  • 192.16.48.236
CertCentral Europe CA certificates
  • cacert.digicert.eu
  • 192.229.211.153
  • 192.229.221.140
  • 152.195.35.161
  • 192.16.48.236
PKI Platform 8 CRLs
  • See the attached csv file – pki-platform-8-crl-ca-cert-urls.csv
  • 192.229.211.108
  • 192.229.221.95
  • 152.195.38.76
  • 192.16.49.85
PKI Platform 8 OCSPs
  • See attached csv file - pki-platform-8-ocsp.csv
  • 152.195.50.149
  • 152.199.19.74
  • 152.199.38.90
  • 192.16.49.240
PKI Platform 8 CA certificates
  • See the attached csv file – pki-platform-8-crl-ca-cert-urls.csv
  • 192.229.211.108
  • 192.229.221.95
  • 152.195.38.76
  • 192.16.49.85
PKI client downloads
  • pkiclient-updater.digicert.com
  • pki-downloads.digicert.com
  • 192.229.211.108
  • 192.229.221.95
  • 152.195.38.76
  • 192.16.49.85
QuoVadis TrustLink OCSP
  • ocsp.quovadisglobal.com
  • 152.195.13.36
  • 152.195.132.213
  • 152.195.38.89
  • 192.16.49.125
*DigiCert ONE: If your Trust Lifecycle, Software Trust, or Document Trust Manager (USA, CH, NL, JP) uses public certificates from CertCentral Global, CertCentral Europe, or PKI Platform 8, you may want to add these IPv4 addresses to your allowlist.

 

DigiCert certificate status IPv6 addresses

Most of the IPv6 addresses are for the DigiCert OCSPs and CRLs. However, we have included some additional PKI Platform 8 services in the table

*Service URL IPv6 addresses
CertCentral Global OCSPs
  • ocsp.digicert.com
  • status.thawte.com
  • status.geotrust.com
  • status.rapidssl.com
  • kr.ocsp.digicert.com
  • ocsp.digicert-cn.com
  • ocsp.edge.digicert.com
  • ocsp.omniroot.com
  • ocsp1.digicert.com
  • ocsp2.digicert.com
  • ocspx.digicert.com
  • statusd.digitalcertvalidation.com
  • statuse.digitalcertvalidation.com
  • statusf.digitalcertvalidation.com
  • statush.digitalcertvalidation.com
  • www.public-trust.com

2606:2800:21f:e650:1228:c9d5:7af4:5a5b

2606:2800:233:fa02:67b:9ff6:6107:833

2606:2800:247:57cb:4371:48bc:8b00:14c3

2606:2800:257:5867:485:5080:9d02:28b7

CertCentral Global CRLs
  • crl3.digicert.com
  • crl4.digicert.com
  • cdp.thawte.com
  • cdp.geotrust.com
  • cdp.rapidssl.com
  • cdp1.digicert.com
  • cdp1.public-trust.com
  • cdp2.digicert.com
  • cdph.digitalcertvalidation.com
  • crl.digicert-cn.com
  • crl.edge.digicert.com
  • crl.pki.abb.com

2606:2800:21f:e650:1228:c9d5:7af4:5a5b

2606:2800:233:fa02:67b:9ff6:6107:833

2606:2800:247:57cb:4371:48bc:8b00:14c3

2606:2800:257:5867:485:5080:9d02:28b7
CertCentral Europe OCSPs
  • ocsp.digicert.eu

2606:2800:21f:9c1e:67b0:7bce:849:df00

2606:2800:233:74d9:9d2c:b7bf:16ae:2ec

2606:2800:247:868c:d31a:6345:7b:a3c0

2606:2800:257:1ac8:59c0:2581:25ed:64bc
CertCentral Europe CRLs
  • crl.digicert.eu

2606:2800:21f:9c1e:67b0:7bce:849:df00

2606:2800:233:74d9:9d2c:b7bf:16ae:2ec

2606:2800:247:868c:d31a:6345:7b:a3c0

2606:2800:257:1ac8:59c0:2581:25ed:64bc
CertCentral Europe CA certificates
  • cacert.digicert.eu

2606:2800:21f:9c1e:67b0:7bce:849:df00

2606:2800:233:74d9:9d2c:b7bf:16ae:2ec

2606:2800:247:868c:d31a:6345:7b:a3c0

2606:2800:257:1ac8:59c0:2581:25ed:64bc
PKI Platform 8 CRLs
  • See the attached csv file – pki-platform-8-crl-ca-cert-urls.csv

2606:2800:21f:e650:1228:c9d5:7af4:5a5b

2606:2800:233:fa02:67b:9ff6:6107:833

2606:2800:247:57cb:4371:48bc:8b00:14c3

2606:2800:257:5867:485:5080:9d02:28b7
PKI Platform 8 OCSPs
  • See attached csv file - pki-platform-8-ocsp.csv

2606:2800:21f:5923:5d60:4b12:209c:3bb3

2606:2800:233:f75c:41f2:5278:c97:7c42

2606:2800:247:5f3a:a0d1:7719:f5b7:4aa7

2606:2800:257:b88b:6a1:e8d5:31ac:b760
PKI Platform 8 CA certificates
  • See the attached csv file – pki-platform-8-crl-ca-cert-urls.csv

2606:2800:21f:e650:1228:c9d5:7af4:5a5b

2606:2800:233:fa02:67b:9ff6:6107:833

2606:2800:247:57cb:4371:48bc:8b00:14c3

2606:2800:257:5867:485:5080:9d02:28b7
PKI client downloads
  • pkiclient-updater.digicert.com
  • pki-downloads.digicert.com

2606:2800:21f:e650:1228:c9d5:7af4:5a5b

2606:2800:233:fa02:67b:9ff6:6107:833

2606:2800:247:57cb:4371:48bc:8b00:14c3

2606:2800:257:5867:485:5080:9d02:28b7
QuoVadis TrustLink OCSPs
  • ocsp.quovadisglobal.com

2606:2800:21f:21f4:c91e:c3c9:75b4:341d

2606:2800:233:7a2d:90b3:5a75:2722:801b

2606:2800:247:3577:6861:1cf4:9ff1:ab05

2606:2800:257:db7f:cb04:fdd:d200:8f3f
*DigiCert ONE: If your Trust Lifecycle, Software Trust, or Document Trust Manager (USA, CH, NL, JP) uses public certificates from CertCentral Global, CertCentral Europe, or PKI Platform 8, you may want to add these IPv6 addresses to your allowlist.

  • DigiCert Logo

    The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.