DigiCert Will Acquire Symantec’s Certificate Authority
A permanent resolution for Google & Mozilla browser issues is in sight.
Back in October, DigiCert announced it would be acquiring Symantec’s “Website Security Solutions” division which is comprised of its Certificate Authority, SSL products, and IoT products. This was regarded as great news and seems to have been well-received within the inner circles of the browser community. DigiCert began to validate and issue all certificates beginning on December 1st, 2017.
DigiCert will pay $950 million in cash up front and give Symantec a 30% stake in its common stock equity when the deal closes, which is expected by Q3 2018.
Again, this is a major acquisition that will see two of the world’s largest CAs – Symantec, currently 2nd by market share of commercial CAs and 1st by revenue – join forces.
What the move doesn’t do is automatically ‘dissolve’ Symantec’s issues with Google, Mozilla, and other browsers. The recently finalized plan, which will have Symantec’s current root certificates retired and replaced with a new infrastructure, still applies, with the first stage of dis-trust taking effect on April 15, 2018.
Symantec was expected to announce a “Managed CA” partnership that would issue certificates for it in the interim period while its old roots were phased-out and its new roots are distributed to devices. Instead, rumors that Symantec was considering a sale of its Certificate Authority, that first broke in early July, turned out to be true.
This acquisition is perfectly timed, as Symantec was going to have to invest in and develop an entirely new PKI platform and infrastructure. That seemed like an impossible task within the proposed timelines. Instead, Symantec’s existing customers can now be assured of full browser compatibility and trust by eventually merging to DigiCert’s platform which is already widely used and trusted by the enterprise sector.
This is not DigiCert’s first foray into acquisitions. In 2015, DigiCert acquired the Cybertrust Certificate Authority from Verizon. Its management of Cybertrust has been highly regarded by those in the Web PKI field and held as an exemplary example of how to rehabilitate a CA.
Symantec was involved in the largest CA acquisition back in 2010 when it acquired VeriSign. Both parties are extremely experienced and well-equipped to ensure a smooth transition for all.
Shortly after the announcement, DigiCert’s executive vice-president of emerging markets Jeremy Rowley posted to Mozilla’s Dev Security Policy mailing list, where Web PKI topics are discussed.
“DigiCert is acquiring the Symantec CA assets, including the infrastructure, personnel, roots, and platforms. At the same time, DigiCert signed a Sub CA agreement wherein we will validate and issue all Symantec certs as of Dec 1, 2017. We are committed to meeting the Mozilla and Google plans in transitioning away from the Symantec infrastructure. The deal is expected to close near the end of the year, after which we will be solely responsible for operation of the CA.”
The announcement has been well received by the community, who have great trust in DigiCert’s ability to meet the agreed upon transition timeline for Symantec’s root certificates.
All in all, this acquisition is the best case scenario for all parties involved; Symantec, DigiCert, Google, Mozilla, Chrome users, Firefox users, the browser & developer community, Symantec clients, partners, resellers, and sub-resellers. The SSL & PKI industry has an extremely bright future with a new leader at the helm.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown