Jul 19, 2020

EV SSL Intermediate and Root Changes

Introduction

This article will go over the Extended Validation SSL Intermediate and Root Changes. 

Timeline 

October 31, 2016	All EV SSL certificates (new, reissue, and renewal) will be issued off the GlobalSign Root R3.

Overview of EV SSL Intermediate and Root Changes

Starting from 31st of October 2016, GlobalSign Extended Validation (EV) SSL Certificates will be issued off a new intermediate certificate as part of regular CA life cycle management. The new EV SSL Intermediate will allow the entire certificate chain, including the Root (Root R3) to be signed with SHA-256 hashing algorithm, replacing the current root certificate (Root R2) which is in SHA-1.  

New Root
The "new root" is a long standing, existing root already present in most operating systems and platforms. 

Impact to Customers
It is important to note that this does not impact existing or previously issued EV SSL certificates, however, new, reissued, and renewed certificates will use the new hierarchy starting from 31st of October 2016.
For web servers that require manual configuration of the intermediate and root certificates, such as Tomcat or Apache, please ensure that you reference the new intermediate and root, should you reissue or renew after 31st of October 2016. 
Existing certificates issued prior to 31 October 2016 that do not require a reissue or renewal will not be required to take any action. 

Sources

1. ExtendedSSL Intermediate Certificates
2. GlobalSign Root Certificates