DigiCert Revokes Certificates: What You Need to Know
Earlier, the renowned digital certificate authority DigiCert issued a notification stating that due to errors in the verification process, approximately 0.4% of certificates need to be revoked. We have now learned that 83,267 certificates are affected.
All these certificates will be revoked within 24 hours of the notification, so website owners, developers, and IT administrators must immediately reapply for replacements, or their websites and applications will be inaccessible. Although this is DigiCert’s mistake, the company remains adamant about revoking all affected certificates, allowing only critical infrastructure operators to request a delay in revocation to have time for reapplication and replacement.
Replacing digital certificates for critical infrastructure is challenging, particularly as it may involve service interruptions, prompting some operators to criticize DigiCert’s irresponsible approach, as these issues were not caused by the customers.
In its latest notification, DigiCert stated that to avoid disruptions to critical services, the company has already negotiated with some customers and browser developers, allowing the revocation to be delayed under special circumstances.
The final application deadline has already passed: July 31, 2024, at 19:30 UTC. If an extension was not requested by this time, it is assumed that the certificate has been replaced, and these certificates will be revoked on August 3, 2024, at 19:30 UTC. This means there are two more days to make replacements.
“DigiCert continues to actively engage with customers impacted by this incident and many of them have been able to replace their certificates. Some customers have applied for a delayed revocation due to exceptional circumstances and we are working with them on their individual situations. We are no longer accepting any applications for delayed revocation,” DigiCert noted.
“All certificates impacted by this incident, regardless of circumstances, will be revoked no later than Saturday, August 3rd 2024, 19:30 UTC.”
We also remind users of DigiCert certificates to check their certificates for verification issues. This is quite simple: check the DNS records of the domain and see if the verification domain added when applying for the certificate contains an underscore. If it does, it is unaffected. If it does not, it is within the revocation scope and requires contacting DigiCert or the certificate application agent for resolution.
