'DigiCert', large amounts of data each day. Any idea what it could be, the user has no idea.
πŸ‘︎ 5
πŸ“°︎ r/meraki
πŸ’¬︎
πŸ‘€︎ u/DannyMaliana
πŸ“…︎ Feb 28
🚨︎ report
[Digicert] After August 23, 2021 certificates including the wildcard domain name will only secure the FQDN and all of its same-level domain names without charge.

A colleague just ran into this a few minutes ago and wanted to share:

https://docs.digicert.com/de/change-log/?tag=feature%20update

πŸ‘︎ 6
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/Sixyn
πŸ“…︎ Aug 27 2021
🚨︎ report
DigiCert Acquires Mocana to Expand IoT Cybersecurity Presence torchsec.org/digicert-acq…
πŸ‘︎ 2
πŸ“°︎ r/torchsecuritynet
πŸ’¬︎
πŸ‘€︎ u/Obewyn
πŸ“…︎ Jan 18
🚨︎ report
SSL Handshake problem, I already add the Root CA from DigiCert and cacerts.pem from haxx.se and imported it to system certificates, but it's still giving me this error. What should I do?
πŸ‘︎ 7
πŸ“°︎ r/mikrotik
πŸ’¬︎
πŸ‘€︎ u/yhogievo
πŸ“…︎ Jul 08 2021
🚨︎ report
Digicerts signed by weird intermediate

So...I'm managing a bunch of SSL certs, and I quite often renew them with Digicert, and I think I have a pretty good grip on what I'm doing.

Some time ago Digicert changed their intermediate CA which they use to sign certificates, so I had to do some reshuffling to accomodate that, fine.

Today I got a renewal for a cert, signed, from the looks of it, by the same intermediate CA I have been getting my certs from for the past few months.

Now, when I inspected the CA I noticed that it had the same serial number and name as the older one, but a completely different hash, and a completely different issued/expiration-date.

The intermediate cert I got today is not available on https://www.digicert.com/kb/digicert-root-certificates.htm either, the old one is, but not the new one

The old one has a SHA1 has of 1C:58:A3:A8:51:8E:87:59:BF:07:5B:76:B7:50:D4:F2:DF:26:4F:CD

The new one has a SHA1 of 69:38:FD:4D:98:BA:B0:3F:AA:DB:97:B3:43:96:83:1E:37:80:AE:A1

Am I being too paranoid here, or does the idea of there existing multiple copies of a CA-cert with the same name and serialnumber, but with completely different hashes trouble anyone else?

πŸ‘︎ 13
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/ScuttleSE
πŸ“…︎ Aug 25 2021
🚨︎ report
Waterfox G3.2.5 doesn't recognize DigiCert certificates

Waterfox G3.2.5 doesn't recognize DigiCert certificates. It should. (Firefox v92 does.) DigiCert, Inc. is a major certificate issuing organization.

Specifically, when I open the Web site https://www.anim8or.com Waterfox complains "Warning: Potential Security Risk Ahead" and "Error code: SEC_ERROR_UNKNOWN_ISSUER"

When I select "View Certificate", among other info, it shows the Issuer Organization to be DigiCert, Inc. with a "common name" of "GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1"

πŸ‘︎ 4
πŸ“°︎ r/waterfox
πŸ’¬︎
πŸ‘€︎ u/seldenb
πŸ“…︎ Sep 19 2021
🚨︎ report
Couldn't establish a secure connection, is it safe to trust digicert?

https://preview.redd.it/i99r6moodsd71.png?width=441&format=png&auto=webp&s=a9b592cd44f0f1e0cef8c5e7885c33185f39fc24

πŸ‘︎ 3
πŸ“°︎ r/nordvpn
πŸ’¬︎
πŸ‘€︎ u/fjoltryne
πŸ“…︎ Jul 27 2021
🚨︎ report
My DigiCert, a Blockchain-backed Certificate Platform decentralize.africa/jelur…
πŸ‘︎ 5
πŸ“°︎ r/Ardor
πŸ’¬︎
πŸ‘€︎ u/josenxt
πŸ“…︎ May 29 2021
🚨︎ report
Using a certificate purchased from Digicert (or other trusted public CA) with certificate inspection possible?

Hey guys!

Is it possible to purchase a certificate from Digicert and then use that in a SSL-inspection profile that uses certificate inspection and NOT deep SSL?

The reason I'm asking it because we are planning on implementing a Fortigate with Web Filter on a site where we have no control over the clients (and can not install the Fortiagtes own cert in the Trustes Root stores) and we would like the clients to see the proper Web Filter block page, and not a warning page for an untrusted cert.

Thanks!

πŸ‘︎ 2
πŸ“°︎ r/fortinet
πŸ’¬︎
πŸ‘€︎ u/matheeeew
πŸ“…︎ Apr 08 2021
🚨︎ report
Blockchain in education & My DigiCert | 25th of June, 2021 twitter.com/Jelurida/stat…
πŸ‘︎ 2
πŸ“°︎ r/NXT
πŸ’¬︎
πŸ‘€︎ u/josenxt
πŸ“…︎ Jun 22 2021
🚨︎ report
Blockchain in education & My DigiCert | 25th of June, 2021 twitter.com/Jelurida/stat…
πŸ‘︎ 4
πŸ“°︎ r/Ardor
πŸ’¬︎
πŸ‘€︎ u/josenxt
πŸ“…︎ Jun 22 2021
🚨︎ report
My DigiCert, a Blockchain-backed Certificate Platform decentralize.africa/jelur…
πŸ‘︎ 3
πŸ“°︎ r/NXT
πŸ’¬︎
πŸ‘€︎ u/josenxt
πŸ“…︎ May 29 2021
🚨︎ report
FYI: digicert EV-certs may be revoked july-11

tl;dr EV-cert from digicert will be revoked july 11

Got this from digicert today.

> Dear REDACTED, > > During a recent review, we discovered an issue where some of our > intermediate CAs (ICAs) were not included as part of our most recent > WebTrust EV audit. To resolve the issue, we must migrate issuance to > new ICAs and revoke all certificates issued under the impacted > ICAs. Although there is no security threat, the EV Guidelines require > that we revoke EV certificates signed by the affected ICAs by July > 11, 2020 at 12 pm MDT (July 11, 18:00 UTC). > > > Which certificates are affected? These certificates will be revoked > on July 11, 2020 at 12 pm MDT (July 11, 18:00 UTC). > > > ORDER ID SERIAL NO. COMMON NAME > > REDACTED: LIST OF CERTIFICATES > > > What you need to do > > Although the contract between GΓ‰ANT and DigiCert ended, you can > replace these certificates with DigiCert certificates. However, we > recommend that you replace them through your new provider to ensure > continued services and support. To ensure your systems are unimpacted > by the revocation, you must replace your certificates before July 11 > regardless of which provider you use. > > > If you would like a replacement DigiCert certificate, please contact > Jason Lewis ([email protected]) or Ruud-Maarten van de Kreeke > ([email protected]) to create a CertCentral account and > receive a free replacement certificate. We may provide a temporary DV > certificate in place of your EV certificate if our validation volumes > are high. > > > We apologize for this inconvenience. > > Thank you,

πŸ‘︎ 26
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/snarkofagen
πŸ“…︎ Jul 08 2020
🚨︎ report
Google.com sends a certificate issued by "DigiCert Global Root G1A" and not the typical "DigiCert Global CA G2"

This is a follow up from a previous post

Solution:

Open firefox>options>network settings>disable proxy

Issue:

The issue has been narrowed down to the fact that Google.com sends a certificate issued by "DigiCert Global Root G1A" and not the typical "DigiCert Global CA G2" or others found in firefox certificate manager. This results in my browsers or programs to not be able to load google.com or captchas.

What I have tried:

In light of this new information I have tried to use DNS over HTTPS (cloudflare) but the problem persists.

πŸ‘︎ 4
πŸ“°︎ r/techsupport
πŸ’¬︎
πŸ‘€︎ u/L_aW
πŸ“…︎ May 11 2020
🚨︎ report
Wildcard SSL - are Digicert still the daddy?

We have a couple of domains and Digicert allowed us to buy two wildcard certs and to have them both on a single cert as SAN names so a single cert could have *.domaina.tld as primary and *.domainb.tld as a SAN name.

They will of course also allow custom issues without having to buy a dedicated cert like if you need a custom cert just for host.domaina.tld.

When we purchased them so far as I know Digicert were the only people doing this.

They don't cost megabucks but broadly speaking SSL is cheap these days.

Is anyone else doing this that we could or should look at?

Many of the things we use them on are not accessible from the Internet.

πŸ‘︎ 4
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/rich2778
πŸ“…︎ Jul 08 2020
🚨︎ report
Renewed SSL cert not showing DigiCert OU

EDIT: Apparently RapidSSL is not publishing the OU anymore. My issue was caused by the new RapidSSL CA not being trusted by Firefox, and my webserver not handling certificate chains correctly.

So this is a weird one. We renewed the wildcard cert for our primary domain. When I install it on a server, it gives Firefox an unknown issuer error. On further inspection it looks like Firefox isn't able to follow the certificate chain.

After digging into this further, I found that the new certificate seems to have a malformed issuer line. If I read the info from the certificate via OpenSSL, I see this subject and issuer line above my certificate:

subject=CN = *.example.com

issuer=C = US, O = DigiCert Inc, CN = RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1

Looking at the old certificate, the same lines are as below:

subject=CN = *.example.com

issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1

The rest of the certificates look correct, this is the only big difference I can find. I think that for some reason Firefox is looking for the Organizational Unit and when it doesn't see it, it ignores the intermediary certificates and flags the cert as invalid.

Anyone seen anything like this?

πŸ‘︎ 2
πŸ“°︎ r/ssl
πŸ’¬︎
πŸ‘€︎ u/stickmaster_flex
πŸ“…︎ Sep 28 2020
🚨︎ report
DigiCert

Whilst I can't say I've ever had a bad experience with any SSL vendor, in my entire IT career (so far) DigiCert are one of a handful of companies where I simply cannot find anyone with a bad word to day about them (I await Reddit proving me wrong).

Our wildcard is up for renewal shortly, and whilst at first glance DigiCert appeared expensive (vs. the $50-100 AlphaSSL and RapidSSL wildcards and suchlike) I notice they do some nice little things like allowing you to issue unlimited duplicates and have each one of those duplicates include SAN names unique to that duplicate should you need a hostname to be explicitly defined on a certificate - so for example I believe Active Directory Directory Services insists on this to to LDAPS, and Exchange 2010 seems to prefer a SAN cert even though wildcards are supported.

That starts to make it a little more interesting as it would appear that for the cost of a single wildcard, just about every scenario I can think of could be covered.

What am I missing here?

πŸ‘︎ 185
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/hutchingsp
πŸ“…︎ Jun 29 2015
🚨︎ report
Digicert prices went up

Did anyone else notice that Digicerts prices went up for certificates? This sucks because we budgeted for these certificates and now we cannot afford the new price.

πŸ‘︎ 7
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/PerfectCircle0
πŸ“…︎ Jun 05 2019
🚨︎ report
DigiCert Global Root CA is Blocking Access to Many Websites

I am getting the following error page when I try to connect to various websites in firefox (including reddit.com, mozilla.com, imgur.com, etc.).

https://imgur.com/8LsPCYh

This only happens in firefox, not chrome/ie. I have tried all of the common 'fixes' suggested on various forums and the mozilla site but nothing has worked. I have virus/malware scanned my computer, disabled my anti-virus, changed the security enterprise setting in about:config, restarted firefox in safe mode, and deleted the certificate in question.

My access to these sites is not always blocked, it happens randomly during the day.

Does anyone have any insight into why this is happening and how I can go about fixing it? Any ideas would be greatly appreciated. Thanks.

Solved Edit: It looks like any of my DigiCert certificates were corrupted, and deleting the cert file solved the issue.

πŸ‘︎ 9
πŸ“°︎ r/firefox
πŸ’¬︎
πŸ‘€︎ u/master11739
πŸ“…︎ Oct 01 2019
🚨︎ report
Digicert frustrates thawte & Symantec existing customers

Having existing ssl certs with Thawte, Symantec and Digicert, I really didn't care about them merging.. until I tried to work with my ssl certs.

At the time of writing, I have been forced to create three Digicert accounts, one for Thawte, one for Symantec and my existing Digicert account. After MANY phone calls to Digicert support the situation is still a frustrating mess. (With no indications anything will improve)

- I am locked out of my original Digicert account. Support is unable to unlock it for reasons unknown. Test emails to me from support work. Password reset emails vanish. (Yes, I've checked Junk/Spam, mail rules, etc.)

- I need to renew and existing thawte ssl cert. Even though I received a renewal notice, the cert is not available to renew in the new system. (Apparently renewal notices are sent from the OLD system.) Calling support has not resolved this. They suggested I just buy a new ssl cert. (Why would I NOT buy from ANYONE less frustrating if I'm not renewing? Maybe Sectigo?)

- Digicert FORCED me to create new accounts to 'import' the Thawte and Symantec accounts. They CLAIMED that they would then 'magically' be merged into my existing account. This has not happened.

- Whenever I call with an issue, support pushes back asking me to jump through idiotic hoops to work around their massive failures to integrate the companies they acquired.

I have been waiting several hours for a call back from a manager and have no confidence said call will EVER happen.

If you are considering Digicert for any purchase of anything I would strongly suggest you look elsewhere. You are unlikely to make a worse choice. I certainly will recommend AGAINST Digicert for any future business. I strongly urge all others to LEARN from my experience.

Digicert's merger should become a cautionary tale in business courses - somewhere around "New Coke'...

πŸ‘︎ 3
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/craig__1
πŸ“…︎ May 11 2020
🚨︎ report
Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability thehackernews.com/2020/05…
πŸ‘︎ 15
πŸ“°︎ r/InfoSecNews
πŸ’¬︎
πŸ‘€︎ u/quellaman
πŸ“…︎ May 04 2020
🚨︎ report
Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability thehackernews.com/2020/05…
πŸ‘︎ 5
πŸ“°︎ r/myhackernews
πŸ’¬︎
πŸ‘€︎ u/alexCyber
πŸ“…︎ May 06 2020
🚨︎ report
Dehydrated ACME client and the Digicerts Beta Acme endpoint

Has anyone modified the dehydrated ACME client to work with Digicerts Beta Acme endpoint? Or know of an ACME client that supports working with Digicert (that's not Certbot). I'm working on a project right now to automate cert renewal, and my boss rather stay with DigiCert if possible (Due to some SSL certs not supporting LE). I would use Certbot, but a large number of our certs are on a load balancer that we avoid installing things on due to memory restrictions. Hence, using a client like Dehydrated.

Note: I'm newish to this subject.

πŸ‘︎ 2
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/urabiss
πŸ“…︎ Mar 16 2020
🚨︎ report
how to find "DigiCert_Assured_ID_Root_CA.pem" in Solus 3 certs

Hi! I've recently installed Solus 3 with Budgie desktop and have been loving it so far! I've previously been on Xubuntu and at my university i've with ease connected to the schools wifi using this guide: https://zero.comaround.com/en-us/content/788596/?ctxt=search#/

A similar process seems to be the cause using Solus, but the files in etc/ssl/certs have names more like "0b1b94ef.pem" so i, of course, can't find the "DigiCert_Assured_ID_Root_CA.pem" that i directed the installer to when using xubuntu.

Is there a way for me to find this file, and if i do, will it be possible to connect using that .pem CA certificate?

Thanks!

πŸ‘︎ 4
πŸ“°︎ r/SolusProject
πŸ’¬︎
πŸ‘€︎ u/mcedvin
πŸ“…︎ Aug 30 2017
🚨︎ report
Jetzt handeln! DigiCert erklΓ€rt zehntausende TLS-Zertifikate fΓΌr ungΓΌltig heise.de/news/Jetzt-hande…
πŸ‘︎ 8
πŸ“°︎ r/de
πŸ’¬︎
πŸ‘€︎ u/OstfrieseInFran
πŸ“…︎ Jul 10 2020
🚨︎ report
FF is constantly refusing to load pages citing: DigiCert Global Root Ca. Why and how can I fix this?

This is a really weird problem: if I startup Firefox, more often than not, I am greeted with this error message regardless of which site I visit (reddit in this case).

The solution to this is to immediately close and relaunch FF, and for some reason I can surf websites again.

Needless to say this is really frustrating. Why is this happening? Is there a way to fix this?

Thanks

πŸ‘︎ 12
πŸ“°︎ r/firefox
πŸ’¬︎
πŸ‘€︎ u/questionman1
πŸ“…︎ Dec 06 2019
🚨︎ report

Please note that this site uses cookies to personalise content and adverts, to provide social media features, and to analyse web traffic. Click here for more information.