URGENT
DigiCert stopped issuing SHA-1 code signing and SHA-1 EV code signing certificates on December 1, 2020.
Note: All existing SHA-1 code signing/EV code signing certificates will remain active until they expire. For more details, see the What do I need to do? Section below.
The industry is moving away from SHA-1 code signing and SHA-1 EV code signing certificates and from SHA-1 code signing, EV code signing, and timestamping intermediate CA and root certificates.
To comply with the new industry standards, certificate authorities (CAs) must make these changes by January 1, 2021:
See Appendix A in the Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates.
As of December 1, 2020, you cannot:
If you rely on SHA-1 code signing certificates, take these actions as needed before Tuesday December 1, 2020:
*Note: You can still use an existing SHA-1 code signing certificate to sign code, after you reissue it and get a SHA-2 code signing certificate. Reissues don't revoke the previously issued code signing certificate.