- Contact Us
-
choose your language
Knowledge Base
Transitioning certificate issuance from PKI Platform 8 to DigiCert® ONE
End of issuance of all certificate types from DigiCert® PKI Platform 8 is scheduled for October 1, 2025 – except for public S/MIME certificates (see box below).
To continue issuing DigiCert certificates without interruption, PKI Platform 8 customers must transition certificate issuance to a DigiCert ONE account as soon as possible.
Below are general steps for transitioning certificate issuance from your PKI Platform 8 account to a DigiCert ONE account, to be completed with a dedicated DigiCert transition team at your earliest convenience. Contact your account manager to begin the transition process. If you don't know who your account manager is, email pki_sales@digicert.com.
Do you issue public S/MIME (Secure Email) certificates? See our KB article, Transitioning public S/MIME certificate issuance from PKI Platform 8 to Trust Lifecycle Manager in DigiCert ONE, for more details. |
Steps for transitioning certificate issuance from PKI Platform 8 to DigiCert ONE:
1. Ensure that your PKI Platform 8 contact information (Organizational Contact, Technical Contact, etc.) is up-to-date. If you need to update it, start here.
2. Determine whether your PKI Platform 8 account’s issuing intermediate CA (ICA) certificate is signed by an online or offline root CA. If your current PKI Platform 8 issuing ICA certificate is signed by an offline root CA, DigiCert may be able to link your new issuing ICA certificate in DigiCert ONE to the same offline root CA, thereby preserving the same chain of trust.
Note: Our ability to link your new issuing ICA certificate will depend on your root CA’s expiration date, key size, and signature algorithm.
Does your PKI Platform 8 account's issuing ICA certificate chain to a self-signed online root CA? This is a good time to move issuance to an online issuing ICA certificate that chains to an offline root CA in DigiCert ONE – which is recommended by DigiCert. Talk to your transition team about leveraging an offline root CA and why it’s a safer, more secure option. |
3. Gather the required information about your PKI Platform 8 issuing ICA certificate(s):
- Full name
- Expiration date
- Serial number
4. Gather the required information about all active PKI Platform 8 certificate profiles:
- Name of each profile
- Name of CA connected to each profile
- Name of template from which the profile was created (Generic Authentication, Generic Server, etc.)
- Number of active certificates currently issued from each profile
5. Set up a test account (if needed), in the region that you specify, in a separate DigiCert ONE transition environment.
DigiCert ONE test accounts are:
|
6. Complete a naming document for any required, new root and/or ICA certificates. The naming document template will be provided by your DigiCert transition team.
7. Create new certificate profiles in DigiCert ONE.
Still issuing from PKI Platform 8? DigiCert recommends applying shorter validity periods to any new certificates issued from PKI Platform 8. Why? Because once you make the transition to Trust Lifecycle Manager, any valid certificates in your PKI Platform 8 account must be imported if you wish to view and manage them using your new Trust Lifecycle Manager account. To avoid or mitigate that import step, consider issuing any new certificates in PKI Platform 8 with validity periods that conform to the product’s end-of-issuance deadline of October 1, 2025. |
-
The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.
-
-
© 2022-2024, DigiCert, Inc. All rights reserved.
Cookie Settings
