Ask a Question

Advanced Search

Alert ID : INFO4887

Last Modified : 10/11/2018

New Code-Signing PKI Hierarchy

Description

Please note that the release of these changes has been delayed until further notice. We will update this page once we have set a new date.


What is happening?

 

As part of the integration with DigiCert's certificate issuance platforms, we are updating our code signing PKI hierarchy. This change is essential for the modernization and streamlining of our code signing certificate offerings.

We expect to start issuing all new code signing certificates from DigiCert's hierarchy and infrastructure by October 31st. After this date, any end-entity certificate you issue will use the new PKI hierarchy. Watch this article for further confirmation on timelines.


Which services are affected by this change?

These hierarchy changes apply to all:

  •  Public signing services such as Microsoft, Extended Validation, and Java


What happens to my existing certificates?

Your existing certificates are not affected by this change-you may continue using existing certificates to sign your code.

PLEASE NOTE: There is no impact to existing code-signing certificates or the validity of signed files, whether timestamped or otherwise. However, starting October 31st, all new code-signing certificates will be issued from DigiCert’s hierarchy and infrastructure.


What happens when I replace a certificate after the hierarchy update?

Your replacement certificate will be signed under the new code signing hierarchy.


What happens when I renew a certificate after the hierarchy update?

Your renewal certificate will be signed under the new code signing hierarchy.


What is the action item for me?

If you have hard-coded the PKI hierarchies in your implementations, ensure that you update them with the new hierarchies.

What are the new Roots and ICAs?

The available new certificates are attached at the bottom of this article.

 

New Intermediate CAs

 
Certificate Type
DigiCert RSA
SHA-1
DigiCert RSA SHA-256
Under
SHA1- Root
DigiCert RSA SHA-256
Under
SHA2- Root
Microsoft Authenticode
Microsoft Office VBA
Java
Adobe Air
       

Select


  Select

 

 
Certificate Type
DigiCert RSA
SHA-256
Under
SHA1- Root
DigiCert RSA
SHA-256
Under
SHA2- Root
 
Extended
Validation
 
 
       

Select