When Your CA Migration Is Actually A CA Evacuation


Does the Symantec SSL Certificate Distrust and your potential decision to evacuate from Symantec's CAs put you at risk?

An emergency evacuation is defined as:

…the urgent immediate egress or escape of people away from an area that contains an imminent threat, an ongoing threat or a hazard to lives or property.

Has your organisation been asked or told to evacuate the Symantec CA? – It is worth checking your SSL certificate inventory for Symantec owned brands including Verisign, Thawte, GeoTrust and Rapid SSL.

DigiCert’s announcement to acquire Symantec’s Website Security and Related PKI Solutions marks the start of an impending certification authority (CA) mass migration process, set to occur during the first wave of distrust by Google of Symantec-issued SSL certificates. All existing Symantec SSL certificates (issued prior to June 1, 2016) will be distrusted as of March 2018, creating the potential for business disruption and erosion of the Symantec customer experience, for both public and private trust customers.

Normally, the decision to migrate to a new CA or PKI solution is a strategic move. Undertaking a migration procedure is a tactical exercise, and given the investment of time and money involved, should be treated as an opportunity to evolve your digital trust structure, address past issues and shift to a more strategic use of technology.

The point of an evacuation is to lead you out of danger and into safety. So that’s now the question. How sure can you be that Digicert’s new PKI solution is the right fit for your business?

Trust is earned, not acquired. There are concerns and unanswered questions about how Digicert is going to maintain business continuity, and prioritize migrations among the many that will be taking place.

The fact is: you are not the only business that will be emergency migrating their core security infrastructure i.e. Certificates and related PKI solutions before a strict deadline. As a result, you must put immediate trust in your chosen vendor to make sure everything that is needed to keep the heartbeat of your security infrastructure alive is implemented smoothly.

Questions still remain about how DigiCert will address the systemic problems within the Symantec Website Security division and when they will be resolved. All in all, the acquisition of the Symantec CA by Digicert is creating uncertainty in private and public trust circles.

Mozilla expresses their concerns >>

  • We would be concerned if the combined company continued to operate significant pieces of Symantec’s old infrastructure as part of their day-to-day issuance of publicly-trusted certificates.
  • We would be concerned if Symantec processes appeared to displace DigiCert processes.
  • We would be concerned if the management of the combined company, particularly that part of it providing technical and policy direction and oversight of the PKI, were to appear as if Symantec were the controlling CA organization in the merger.

A successful evacuation is a matter of following a solid plan. If your evacuation from Symantec and migration to Digicert is not being treated like an urgent matter, you should question your migration plan, keeping in mind that you did not ask for this.  You still have an opportunity to find a trusted partner on your own terms.

Entrust Datacard has worked with MPA New Zealand and its Integration Partners for many years, supplying local organisations with their SSL Certificate requirements. Entrust Datacard have helped many organisations lower the cost of owning and managing their certificate inventories by providing easy to use tools that streamline certificate expiries and renewals.

CLICK HERE to download a copy of the Simple CA Evacuation Plan You Need.

This article was originally penned by Stephen Demone. Stephen Demone is a Content Developer at Entrust Datacard where he specializes in digital certificate technology.


Sameer Shaikh -

Sameer has over 11 years of experience in sales and customer service roles in the technology, financial, wholesale trade and retail sector in India, UAE, United Kingdom and New Zealand.

At MPA Sameer is applying his expertise in customer management and business development to maintain existing business relationships as well as developing new business opportunities.

He also shares responsibility in the sales and purchase order entry and logistics areas.

Sameer has a Bachelor of Science degree.

Latest Security Problems Solved

Internet of Things More >
HTTPS – Uptake Set to Accelerate in 2017 More >
Addressing Endpoint Security Challenges More >
Taking a Different Approach to Endpoint Security More >
Our Solutions
Security Solutions

We work with leaders in the fields of data protection, authentication and perimeter security to protect your organisation and manage any threats with the most effective security systems. More >

Technical Services

MPA New Zealand Ltd provides a range of technical services to compliment the vendor technology our company brings to the local market. More >