SECURITY BULLETIN: DigiCert Certificate Revocation Incident - Potential Business Impact

Late yesterday, DigiCert announced a critical incident involving the revocation of a subset of TLS/SSL certificates due to a domain control verification (DCV) issue. While necessary to maintain security standards, this action could potentially disrupt services for some organizations that rely on DigiCert certificates to secure public and private web services.

What Does This Mean for You?

Based on information shared publicly by DigiCert, we believe the number of impacted customers will remain relatively small. However,  it’s essential to be aware of the potential consequences. If your business relies on services that use DigiCert certificates, you may experience temporary disruptions including but not limited to:

• Website inaccessibility: Your website may become unreachable for users.
• Email issues: You might encounter difficulties sending or receiving emails.
• Application failures: Applications that rely on secure connections could malfunction.

What We’re Doing

The Systems Engineering team is actively monitoring the situation and working closely with impacted clients to assess and resolve issues created by DigiCert's immediate certificate revocation. We are prepared to provide support and assistance as needed.

What You Can Do

• Check your DigiCert account: DigiCert has provided instructions for checking if your certificates are affected. Please review their guidance for further information.
• Implement contingency plans: If possible, consider having backup certificates or alternative communication channels in place.
• Stay informed: We will provide updates as the situation develops.

Next Steps

If you experience any disruptions due to the DigiCert certificate revocation, please contact Systems Engineering immediately via your normal support channels.  If you have any questions about the DigiCert revocation incident, timeline, or ramifications, please contact your Account Manager.