DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

Transitioning certificate issuance from PKI Platform 8 to DigiCert® ONE

Solution ID : SO428
Last Modified : 07/23/2024


End of issuance of all certificate types from DigiCert® PKI Platform 8 is scheduled for October 1, 2025except for public S/MIME certificates (see box below).

To continue issuing DigiCert certificates without interruption, PKI Platform 8 customers must transition certificate issuance to a DigiCert ONE account as soon as possible.

Below are general steps for transitioning certificate issuance from your PKI Platform 8 account to a DigiCert ONE account, to be completed with a dedicated DigiCert transition team at your earliest convenience. Contact your account manager to begin the transition process. If you don't know who your account manager is, email pki_sales@digicert.com.

Do you issue public S/MIME (Secure Email) certificates?

For compliance reasons, end-of-issuance of public S/MIME certificates in PKI Platform 8 is scheduled for March 14, 2025 earlier than the other certificate types. In addition, the process for transitioning public S/MIME issuance to DigiCert ONE differs from the other certificate types in important ways.

See our KB article, Transitioning public S/MIME certificate issuance from PKI Platform 8 to Trust Lifecycle Manager in DigiCert ONE, for more details.

Steps for transitioning certificate issuance from PKI Platform 8 to DigiCert ONE:

1. Ensure that your PKI Platform 8 contact information (Organizational Contact, Technical Contact, etc.) is up-to-date. If you need to update it, start here.

2. Determine whether your PKI Platform 8 account’s issuing intermediate CA (ICA) certificate is signed by an online or offline root CA. If your current PKI Platform 8 issuing ICA certificate is signed by an offline root CA, DigiCert may be able to link your new issuing ICA certificate in DigiCert ONE to the same offline root CA, thereby preserving the same chain of trust.

Note: Our ability to link your new issuing ICA certificate will depend on your root CA’s expiration date, key size, and signature algorithm.

Does your PKI Platform 8 account's issuing ICA certificate chain to a self-signed online root CA?

This is a good time to move issuance to an online issuing ICA certificate that chains to an offline root CA in DigiCert ONE – which is recommended by DigiCert. Talk to your transition team about leveraging an offline root CA and why it’s a safer, more secure option.


3. Gather the required information about your PKI Platform 8 issuing ICA certificate(s):

  • Full name
  • Expiration date
  • Serial number

4. Gather the required information about all active PKI Platform 8 certificate profiles:

  • Name of each profile
  • Name of CA connected to each profile
  • Name of template from which the profile was created (Generic Authentication, Generic Server, etc.)
  • Number of active certificates currently issued from each profile

5. Set up a test account (if needed), in the region that you specify, in a separate DigiCert ONE transition environment.

DigiCert ONE test accounts are:
  • Available at no additional cost to any transitioning PKI Platform 8 customer who needs one.
  • Available only for the period of transition from PKI Platform 8 to DigiCert ONE, unless you have purchased DigiCert Premium Support.
  • Connectable to your dev account with the same functionality as DigiCert ONE production accounts.


6. Complete a naming document for any required, new root and/or ICA certificates. The naming document template will be provided by your DigiCert transition team.

7. Create new certificate profiles in DigiCert ONE.

Prevent email tampering and phishing with a DigiCert S/MIME certificate.

Buy now

  • DigiCert Logo

    The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.