Back
-
Platform
BackManage PKI and Certificate Risk in One Place
-
Solutions
BackThe Smarter Way to Manage Certificate LifecyclesSoftware Supply Chain Security
Protect your entire software supply chain with automated tools
- Buy
-
Company
BackManage PKI and Certificate Risk in One Place
-
Resources
Back
- Support
- Contact us
-
Language
Switch to Digicert
TLS/SSL for Web
Protect your organization’s reputation and online presence with replacement certificates from ¶ºÒõ¹Ý, trusted by Google, Mozilla and Apple.
Get Replacement Certificates. Fast.
- Quickly and easily purchase replacement TLS/SSL certificates with a credit card.
- Your purchase includes access to ¶ºÒõ¹Ý CertCentral®, our award-winning website certificate automation manager.
- If you have needs not listed here, contact us. Our team can help create a custom solution.
Looking for a Tailored Migration Experience?
If you have many certificates to replace or other complex technical or business requirements, please contact our team to discuss the best migration path for your organization. ¶ºÒõ¹Ý offers a wide variety of trusted digital certificates, PKI services, and certificate lifecycle management.
Google Chrome and Mozilla to Distrust New Issuance of Entrust Certificates.
Google Chrome, Apple, and Mozilla have distrusted new issuance of Entrust certificates.
Public TLS/SSL certificates issued from Entrust roots will not be trusted by Google Chrome if the Signed Certificate Timestamp (SCT) is dated after November 11, 2024, by Apple if the SCT is dated after November 15, 2024, and by Mozilla if the SCT is dated after November 30, 2024.
- To be trusted by a browser, a publicÌýcertificate authority must comply with specific requirements defined by the CA/Browser Forum.
- To ensure trust is consistent and continuous, browser root programs receive regular audit reports about Certificate Authority (CA) operations and compliance.
- Transparency and accountability are critical to trust. CAs are expected to work in good faith with the browser root programs to fix and prevent issues. 
- Recently, browser root programs indicated a lack of confidence in the TLS certificate issuance practices of Entrust.
- Google ultimately decided to , a move that was subsequently mirrored by and .
What Does This Mean for Entrust Customers?
- Google Chrome will not trust Public TLS certificates with an SCT issued by Entrust roots after November 11, 2024.
- Apple will not trust Public TLS andÌýS/MIME certificates with a SCT issued by certain Entrust roots after November 15, 2024. The full list of affected root CA certificates can be found
- Mozilla Firefox will not trust Public TLS certificates issued by Entrust roots with an earliest SCT after November 30, 2024.
- Servers using these affected issuances of Entrust certificates will display as an unsecured site by Google and Mozilla.
- Any TLS certificate with an SCT dated on or before these distinct Google Chrome, Apple Safari, and Mozilla Firefox distrust dates are unaffected by the distrust.
- S/MIME certificates with an SCT dated on or before the Apple Safari distrust dates will remain unaffected by the distrust.
Optional heading that can be visually hidden
We’re Here to Help
We understand this incident is a business disruption for affected organizations.
As a global leader in globally trusted public and private trust solutions, we are committed to helping you maintain critical operations and ensure business continuity during the transition from Entrust—and beyond.
How We Earn Your Trust
Compliance for all
We’re empowering compliance through innovation and open-source solutions
¶ºÒõ¹Ý employs a proactive and data-driven approach to compliance—and we even offer our technology freely to help other organizations do the same, including our recent open-source release of PKIlint, an automated certificate linter that enables users to rapidly check certificates for errors and compliance issues.
Global standards and governance
We’re building trust through adherence to global standards
Without a globally accepted body of standards, there is no core foundation for trust. We adhere to all the requirements of the CA/Browser Forum for the issuance and management of certificates.
Public communication and collaboration
We’re committed to transparency and accountability
At ¶ºÒõ¹Ý, transparency is at the core of our commitment to maintaining trust and integrity in digital security. When a revocation incident occurs, we prioritize clear and prompt communication, including the cause, scope, and steps taken to address the issue. Our goal is to ensure that all stakeholders are fully informed and confident in our actions to uphold our commitment to their security and the standards by which we are governed.
Leading by example
We’re dedicated to upholding digital trust
We take our responsibility as a Certificate Authority in the root store of all major browsers very seriously. Our entire company’s sole focus is—and has been for more than two decades—to do everything in our power to deliver digital trust to our customers.
Need Assistance Navigating Your Migration From Entrust?
Our experts can help ensure you make the transition without disruption or costly outages. Reach out today.
Optional heading that can be visually hidden
The Entrust Distrust
Webinar
What happened, what it means and what steps to take
We helped thousands navigate the Symantec distrust in 2018. Join us for an experience-backed roadmap to avoiding disruption from the Entrust distrust.
Related Resources
BLOG
The Entrust distrust: Key takeaways for CAs and organizations
BLOG
Why Compliance is the Foundation of Digital Trust
BLOG
¶ºÒõ¹Ý Releases Innovative Automated Testing Tool for Digital Certificates
BLOG
What is a CA's role in delivering digital trust?
Video
What is digital trust?
Datasheet
Certificate management for TLS best practices
FAQ
Why did Google decide to distrust Entrust roots?Ìý
In , Google said:
Over the past several years, highlighted a pattern of concerning behaviors by Entrust that fall short of the above expectations, and has eroded confidence in their competence, reliability, and integrity as a publicly-trusted CA Owner.
And...
Certification Authorities (CAs) serve a privileged and trusted role on the Internet that underpin encrypted connections between browsers and websites. With this tremendous responsibility comes an expectation of adhering to reasonable and consensus-driven security and compliance expectations, including those defined by the CA/Browser TLS Baseline Requirements.
Over the past six years, we have observed a pattern of compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress in response to publicly disclosed incident reports. When these factors are considered in aggregate and considered against the inherent risk each publicly-trusted CA poses to the Internet ecosystem, it is our opinion that Chrome’s continued trust in Entrust is no longer justified.
- Why did Google decide to distrust Entrust roots?
- When will my Entrust certificates be distrusted?
- When should I start replacing my current Entrust certificates?
- How can I determine if we are using Entrust certificates in our environment?
-
The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.Ìý
-
© 2025 ¶ºÒõ¹Ý. All rights reserved.
Legal Repository Audits & Certifications Terms of Use Privacy Center Accessibility Cookie Settings