受全球知名信任库 Mozilla 的根证书最新信任策略(全球所有 CA 的可信根证书生成后最少 15 年更换一次,超过时间的可信根会逐渐被 Mozilla 停止信任)影响,DigiCert 将逐步停用旧根体系(G1)颁发 TLS/SSL 证书,并开始使用新根体系(G2)颁发 TLS/SSL 证书,以确保 TLS/SSL 证书在 Firefox 浏览器中继续受到信任。
自 2024 年 7 月 1 日起,DigiCert 品牌 TLS/SSL 证书将使用新的 G2 根体系签发证书,逐步停用旧的 G1 根体系。
1、2024 年 7 月 1 日前,已签发证书不受影响,仍有效直至证书过期,证书有效期内进行重颁发,重颁发的证书仍使用旧根签发;
2、2024 年 7 月 1 日后,提交的 DigiCert 品牌 TLS/SSL 证书新订单将使用新根签发;
3、2024 年 7 月 1 日后, DigiCert 品牌 TLS/SSL 证书多年期订单在下一年续期证书时,将使用新根签发。
moneyslow.com提醒:
1、新的 G2 根体系依然兼容当前主流的操作系统和移动设备,不存在兼容性变化问题,并采用更高安全性的 SHA256 签名算法。
2、如果您在客户端预埋了原根证书或原中级证书,使用新根证书签发的新证书,将出现客户端校验异常,进而引发服务中断等问题。请及时移除预埋操作,改用系统自带的信任库进行验证。
DigiCert 品牌详情:
| 证书品牌 | 证书类型 | 原中级证书 | 原根证书 | 新中级证书(“-”代表不变) | 新根证书(“-”代表不变) |
| DigiCert | DigiCert OV SSL | DigiCert Basic RSA CN CA G2 | DigiCert Global Root CA | DigiCert Basic OV G2 TLS CN RSA4096 SHA256 2022 CA1 | DigiCert Global Root G2 |
| DigiCert Basic ECC CN CA G2 | DigiCert Global Root CA | DigiCert Basic OV G3 TLS CN ECC P-384 SHA384 2022 CA1 | DigiCert Global Root G3 | ||
| DigiCert EV SSL | DigiCert Basic EV RSA CN CA G2 | DigiCert High Assurance EV Root CA | DigiCert Basic EV G2 TLS CN RSA4096 SHA256 2022 CA1 | DigiCert Global Root G2 | |
| DigiCert Basic EV ECC CN CA G2 | DigiCert High Assurance EV Root CA | DigiCert Basic EV G3 TLS CN ECC P-384 SHA384 2022 CA1 | DigiCert Global Root G3 | ||
| GeoTrust | GeoTrust 入门型 SSL | RapidSSL Global TLS RSA4096 SHA256 2022 CA1 | DigiCert Global Root CA | RapidSSL TLS RSA CA G1 | DigiCert Global Root G2 |
| RapidSSL ECC CA 2018 | DigiCert Global Root CA | RapidSSL TLS ECC CA G1 | DigiCert Global Root G3 | ||
| GeoTrust DV SSL | GeoTrust TLS ECC CA G1 | DigiCert Global Root G3 | – | – | |
| GeoTrust CN RSA CA G1 | DigiCert Global Root CA | GeoTrust TLS RSA CA G1 | DigiCert Global Root G2 | ||
| GeoTrust OV SSL | GeoTrust ECC CN CA G2 | DigiCert Global Root CA | GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1 | DigiCert Global Root G2 | |
| GeoTrust RSA CN CA G2 | DigiCert Global Root CA | GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1 | DigiCert Global Root G2 | ||
| GeoTrust EV SSL | GeoTrust EV RSA CA G2 | DigiCert Global Root G2 | GeoTrust EV G2 TLS CN RSA4096 SHA256 2022 CA1 | – | |
| DigiCert TLS Hybrid ECC SHA384 2020 CA1 | DigiCert Global Root CA | GeoTrust EV G3 TLS CN ECC P-384 SHA384 2022 CA1 | DigiCert Global Root G3 | ||
| Encryption Everywhere | Encryption Everywhere SSL DV | Encryption Everywhere DV TLS CA – G1 | DigiCert Global Root CA | Encryption Everywhere DV TLS CA – G2 | DigiCert Global Root G2 |
| Encryption Everywhere ECC DV TLS CA | DigiCert Global Root CA | Encryption Everywhere G3 TLS ECC P384 SHA384 2023 CA1 | DigiCert Global Root G3 | ||
| SecureSite | SecureSite SSL OV | DigiCert Secure Site CN CA G3 | DigiCert Global Root CA | DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1 | DigiCert Global Root G2 |
| DigiCert Secure Site ECC CN CA G3 | DigiCert Global Root CA | DigiCert Secure Site OV G3 TLS CN ECC P-384 SHA384 2022 CA1 | DigiCert Global Root G3 | ||
| SecureSite SSL EV | DigiCert Secure Site EV CN CA G3 | DigiCert High Assurance EV Root CA | DigiCert Secure Site EV G2 TLS CN RSA4096 SHA256 2022 CA1 | DigiCert Global Root G2 | |
| DigiCert Secure Site EV ECC CN CA G3 | DigiCert High Assurance EV Root CA | DigiCert Secure Site EV G3 TLS CN ECC P-384 SHA384 2022 CA1 | DigiCert Global Root G3 | ||
| SecureSite SSL EV Pro | DigiCert Secure Site Pro EV CN CA G3 | DigiCert High Assurance EV Root CA | DigiCert Secure Site Pro EV G2 TLS CN RSA4096 SHA256 2022 CA1 | DigiCert Global Root G2 | |
| DigiCert Secure Site Pro EV ECC CN CA G3 | DigiCert High Assurance EV Root CA | DigiCert Secure Site Pro EV G3 TLS CN ECC P-384 SHA384 2022 CA1 | DigiCert Global Root G3 | ||
| SecureSite SSL OV Pro | DigiCert Secure Site Pro CN CA G3 | DigiCert Global Root CA | DigiCert Secure Site Pro G2 TLS CN RSA4096 SHA256 2022 CA1 | DigiCert Global Root G2 | |
| DigiCert Secure Site Pro ECC CN CA G3 | DigiCert Global Root CA | DigiCert Secure Site Pro G3 TLS CN ECC P-384 SHA384 2022 CA1 | DigiCert Global Root G3 |
DigiCert ICA/root 详情:
| 原根证书(G1) | 使用范围 | Mozilla 不再信任时间 | 新根证书(G2) |
| Baltimore CyberTrust Root | 交叉证书,扩展兼容性用途 | 2025-04-15 (证书将于 2025-05-12 到期) | DigiCert Global Root G2 |
| DigiCert Assured ID Root CA | – | 2026-04-15 | DigiCert Global Root G2 |
| DigiCert Global Root CA | Digicert 旗下 DV、OV 类型 SSL 证书 | 2026-04-15 | DigiCert Global Root G2 |
| DigiCert High Assurance EV Root CA | Digicert 旗下 EV 类型 SSL 证书 | 2026-04-15 | DigiCert Global Root G2 |
DigiCert 原文公告 :https://knowledge.digicert.com/generalinformation/digicert-root-and-intermediate-ca-certificate-updates-2023.html
扩展阅读:《浏览器如何知道web服务器提供的https证书是由受信任》