DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

New CRL and OCSP CDN IP addresses | PKI Platform 7 and 8

Solution ID : AL070621153835
Last Modified : 11/21/2023


We had planned to change our CRL and OCSP IP addresses for DigiCert PKI Platform 7 and 8 on June 15, 2021 and we asked you to allowlist our new IP addresses. This change has been delayed, and we will not be cutting over to the new IP addresses yet. 

What is the impact?

  • If you already made this change, no action is required.
  • If you have not already made this change, no action is required yet and we will contact you when we have a new official date for cutover.
  • This change affects environments that use DigiCert-hosted CRLs and OCSP services only when using IP addresses instead of DNS for validation services.
  • You are not affected when you use your own CRL Distribution Points (local URLs). 

What do I need to do?

For firewalls or access control devices that reference IP addresses instead of domains, you will need to add our current and future CDN IP addresses in your existing allowlist.

DigiCert PKI Platform 7

Domain name:

Current IP addresses

New IP addresses


No change (already highly-available)


No change (already highly-available)




DigiCert PKI Platform 8

Domain name

Current IP addresses

New IP addresses



No change (already highly-available)


No change (already highly-available)


No change (already highly-available)

If you use IP allowlisting, add new IP addresses to your allowlist without removing any firewall configurations. 

If you have any queries or concerns, please contact PKI Support.