DigiCert to Revoke Certificates: Critical Infrastructure Operators Eligible for Extension
Recently, DigiCert, a leading digital certificate authority, announced the need to revoke approximately 0.4% of its certificates due to errors in the validation process. It has now come to light that a total of 83,267 certificates are actually affected.
These certificates will be revoked within 24 hours of the announcement, forcing website owners, developers, and IT administrators to immediately reapply for and replace the affected certificates to avoid service disruptions.
Despite the mistake originating from DigiCert, the company insists on revoking all affected certificates. However, an exception has been made for operators of critical infrastructure, who may apply for a delay in revocation to allow time for reapplication and replacement.
The difficulty of replacing digital certificates for critical infrastructure, especially when it may involve service downtime, has led to complaints about DigiCert's handling of the situation, given that the fault does not lie with the customers.
DigiCert's latest notice states that to prevent interruption of critical services, the company has negotiated with certain customers and browser developers to allow for delayed revocation in specific cases.
The final deadline for applying for an extension has already passed: July 31, 2024, 19:30 UTC. Those who did not apply for an extension are assumed to have replaced their certificates, which will ultimately be revoked on August 3, 2024, 19:30 UTC.
This means there are still two days left for replacements. DigiCert users are reminded to check their certificates for validation issues. This can be easily done by checking the DNS records of the domain for the validation domain added when applying for the certificate. If it includes an underscore, it's unaffected. If not, it's within the scope of revocation, and affected parties should contact DigiCert or the certificate's issuing agent for resolution.