On Tuesday, December 1, 2020, DigiCert will stop issuing SHA-1 code signing and SHA-1 EV code signing certificates.
Note: All existing SHA-1 code signing/EV code signing certificates will remain active until they expire. For more details, see the What do I need to do? Section below.
The industry is moving away from SHA-1 code signing and SHA-1 EV code signing certificates and from SHA-1 code signing, EV code signing, and timestamping intermediate CA and root certificates.
To comply with the new industry standards, certificate authorities (CAs) must make these changes by January 1, 2021:
As of December 1, 2020, you cannot:
If you rely on SHA-1 code signing certificates, take these actions as needed before Tuesday December 1, 2020:
*Note: You can still use an existing SHA-1 code signing certificate to sign code, after you reissue it and get a SHA-2 code signing certificate. Reissues don't revoke the previously issued code signing certificate.