TABLE OF CONTENTS
Overview
Sectigo, a widely used Certificate Authority (CA) for securing IIS and API endpoints, has initiated a migration to new Public Root Certificates. This change is part of an industry-wide modernization effort and affects all newly issued TLS certificates, including:
- Extended Validation (EV)
- Organization Validation (OV)
- Domain Validation (DV)
What This Means for You
If your organization has recently updated or plans to update its Sectigo certificates, please be aware of the following:
? Integration Impact
Systems that have not updated their trust stores may fail to recognise the new root certificates. This can result in:
- API errors
- Failed HTTPS connections
- Service disruptions
✅ Recommended Action
Before renewing or installing new Sectigo certificates:
- Verify Compatibility: Ensure your systems trust the new root CAs.
- Update Trust Stores: Apply any necessary updates to your operating systems, browsers, or application environments.
- Review Sectigo’s Migration Details: Click here to view Sectigo’s official documentation
? Avoid Certificate Pinning
If your systems use certificate pinning, we strongly recommend reviewing and discontinuing this practice. Pinning to old root certificates may cause unexpected failures as the new roots are adopted.
Need Help?
If you have questions or need assistance verifying compatibility, please contact our support team.
We’re here to help ensure a smooth transition.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article