Please note that the release of these changes has been delayed until further notice. We will update this page once we have set a new date.
What is happening?
As part of the integration with DigiCert’s certificate issuance platforms, we are updating our code signing PKI hierarchy. This change is essential for the modernization and streamlining of our code signing certificate offerings.
We expect to start issuing all new code signing certificates from DigiCert’s hierarchy and infrastructure by October 31st. After this date, any end-entity certificate you issue will use the new PKI hierarchy. Watch this article for further confirmation on timelines.
Going forward, Thawte code signing certificates will be issued from GeoTrust intermediate CAs.This change facilitates integration with DigiCert platforms and only impacts root hierarchy. There are no changes to the Thawte brand or product set.
SHA-1 Full Chain End-of-Life (EOL)
Thawte will no longer issue SHA-1 full chain code signing certificates. For those who need SHA-1 full chain support upon expiry, we will continue offering such certificates on the DigiCert brand.
Which services are affected by this change?
These hierarchy changes apply to all:
What happens to my existing certificates?
Your existing certificates are not affected by this change—you may continue using existing certificates to sign your code.
PLEASE NOTE: There is no impact to existing code-signing certificates or the validity of signed files, whether timestamped or otherwise. However, by October 31st, all new code-signing certificates will be issued from DigiCert’s hierarchy and infrastructure.
What happens when I replace a certificate after the hierarchy update?
Your replacement certificate will be signed under the new code signing hierarchy.
What happens when I renew a certificate after the hierarchy update?
Your renewal certificate will be signed under the new code signing hierarchy.
What is the action item for me?
If you have hard-coded the PKI hierarchies in your implementations, ensure that you update them with the new hierarchies.
What are the new Roots and ICAs?
The available new certificates are attached at the bottom of this article.
New Intermediate CAs
DigiCert RSA SHA-256
DigiCert RSA SHA-256
Microsoft Office VBA