- Contact Us
-
choose your language
Knowledge Base
Install the DigiCert G5 cross-signed root CA certificate
Description
The industry will soon require Certificate Authorities (CAs) to start issuing TLS/SSL certificates from single-purpose roots that chain to single-purpose ICA certificates. To prepare for this change, DigiCert has created new, single-purpose, public, fifth-generation (G5) root and intermediate CA (ICA) certificate hierarchies for issuing public TLS/SSL certificates.
DigiCert is working hard to ensure the G5 roots are included in all necessary certificate trust stores to improve root ubiquity and reduce the need to install a cross-signed root certificate to ensure TLS/SSL certificate trust.
However, even once the roots have been added to the trust stores, you can’t guarantee that users will immediately update their systems, browsers, or applications to the latest versions. To ensure your certificates are trusted even when the new G5 root is missing from a needed trust store, DigiCert recommends installing a DigiCert G5 cross-signed root CA certificate.
Cross-signed root CA certificate compatibility
Installing the cross-signed root CA certificate will ensure your certificates remain trusted with the following operating systems and clients:
| Vendor | Version |
| Microsoft | Windows XP SP3 or higher |
| Apple |
|
| Mozilla | Firefox 2.0 or higher |
| Android 1.1 or higher | |
| Oracle | JRE 1.4.2 or higher |
Install your DigiCert cross-signed root CA certificate
When DigiCert sends your certificate issued from the G5 certificate chain, we will include the certificates listed below. You can also download this zip file from your DigiCert account. This file may contain additional files based on the server platform you selected when ordering or downloading the certificate from your account
Zip file certificates:
- TLS/SSL certificate
- G5 Intermediate CA
- Cross-signed root CA
See the Download intermediate CA and cross-signed root CA certificates table below to download copies of these certificates now.
Are you installing the cross-signed CA certificate on a Windows Server? For those installing the cross-signed root CA certificate on a Windows server, see or knowledge base article, Intermediate Certificate Troubleshooting - Configuring a Windows Server to Send a Cross-Signed Certificate. |
Install cross-signed root CA certificate
- Use your text editor (such as Notepad) to open the cross-signed Root CA file.
- In your editor, copy all the contents.
- Use your text editor to open the G5 Intermediate CA file
- Paste the contents of the cross-signed Root CA file to the end of the G5 Intermediate CA file.
- Save your updated G5 Intermediate CA file.
- Now, you are ready to install your certificate on your server, and your certificate will be trusted if it can’t find its new G5 root in a needed trust store.
Download intermediate CA and cross-signed root CA certificates
RSA TLS/SSL certificates
| Brand / Signature Algorithm | Intermediate CA | Cross-signed root CA | Intermediate and cross-signed bundle |
| DigiCert RSA | Download: |
Download the G1 Cross Signed |
Download: |
| Thawte RSA | Download: |
Download: |
|
| GeoTrust RSA | Download: |
Download: |
|
| RapidSSL RSA | Download: |
Download: |
ECC TLS/SSL certificates
| Brand / Signature Algorithm | Intermediate CA | Cross-signed root CA | Intermediate and cross-signed bundle |
| DigiCert ECC | Download: |
Download the G3 Cross Signed DigiCert TLS ECC P384 Root G5 certificate: |
Download: |
| Thawte ECC | Download: |
Download: |
|
| GeoTrust ECC | Download: |
Download: |
|
| RapidSSL ECC | Download: |
Download: |
-
The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.
-
-
© 2022-2024, DigiCert, Inc. All rights reserved.
Cookie Settings
