Mar 25, 2026

Upcoming Changes to Secure Mail Roots and Intermediate Certificates

OVERVIEW: This article explains upcoming industry-driven changes that affect GlobalSign publicly trusted S/MIME Root and Intermediate Certificates. These changes are introduced by browser root programs (primarily in Mozilla Firefox and Google Chrome) and the CA/Browser Forum. GlobalSign is updating its infrastructure to remain fully compliant while minimizing customer impact. This page is updated regularly to reflect the latest updates. We recommend bookmarking this page and checking back for the latest guidance. For BR Changes and Impacts advisories, please refer to this refer to this page.

Summary of Key Changes

1. Effective April 15, 2026, the use of our current multipurpose root will be prohibited per Mozilla Root Store Policy — Mozilla.

2. Effective February 24th, 2026, GlobalSign will transition all publicly trusted S/MIME issuance to the dedicated S/MIME root. i.e., GlobalSign Secure Mail Root R45. 

   1. Please find our R45 Root at GlobalSign Secure Mail Root R45 here.

3. Along with this Root, we will also use a new Intermediate Certificate Authority (ICA) certificate: GlobalSign GCC R45 SMIME CA 2025.

   1. Please find our R45-based ICA at GlobalSign GCC R45 SMIME CA 2025 here.

GlobalSign Transition Plan

GCC Customers

• If you have manually deployed the trust chain on your server, ensure it is updated to the latest chain by February 24th, 2026.

• No other immediate action is required at this time. Your existing or newly issued certificates will remain unaffected and will continue to be trusted.

Atlas Customers

See Atlas - GlobalSign Transition Plan for more information.