This just came out on July 8th, if you have an EV certs, they will be revoked on July 11th
https://knowledge.digicert.com/alerts/DigiCert-ICA-Replacement DigiCert ICA Replacement URGENT Description DigiCert has identified an issue where some of our intermediate CAs (ICAs) were not listed as part of our most recent WebTrust EV audit. To resolve the issue, we are replacing the affected ICAs for EV only. OV and DV certificates are unaffected by these changes. Solution We are taking precautionary measures, and retiring and replacing these ICAs for EV certificates: We are retiring these ICAs: • DigiCert Global CA G2 • GeoTrust TLS RSA CA G1 • Secure Site CA • Thawte TLS RSA CA G1 • Cybertrust Japan Secure Server ECC CA • DigiCert Global CA G3 • GeoTrust TLS ECC CA G1 • Thawte TLS ECC CA G1 • NCC Group Secure Server CA G3 • Aetna Inc. Secure CA2 • DigiCert SHA2 High Assurance Server CA • NCC Group Secure Server CA G2 • Plex Devices High Assurance CA2 • TERENA SSL High Assurance CA 3 Our retired ICAs will be replaced with new ICAs: • DigiCert EV RSA CA G2 • GeoTrust EV RSA CA G2 • Thawte EV RSA CA G2 Who does this affect? This change affects customers who have issued EV certificates using these chains from: • CertCentral • Symantec • Thawte • GeoTrust This also affects customers: • with CA over-rides • who have pinned to a ICA that has been identified for retirement Please Note: Although there is no security threat, we are required by the EV Guidelines to revoke your EV certificates by July 11, 2020 at 12 pm MDT (July 11, 18:00 UTC). ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
