Speed up SSL issuance
GoGetSSL® offers fastest issuance of SSL due to use of LEI code and API automation. Legal Entity Identifier (LEI) is a global identity code, just like DUNS. Learn how LEI works.
Sectigo Public Root CAs Migration
-
-
*
What's Happening
Sectigo is transitioning to new Public Root CAs as a proactive measure to ensure certificates remain highly secure, trusted, and compliant with modern industry standards. This migration has been ongoing since spring 2025 and affects all TLS certificates (used for website security) and S/MIME certificates (used for securing emails).
Affected Products:
- Sectigo SSL/TLS certificates
- GoGetSSL DV SSL/TLS certificates
- S/MIME certificates issued by Sectigo CA
-
-
How to Ensure Backwards Compatibility with Legacy Systems
If you're serving clients with older devices or operating systems, you may need to take additional steps to ensure full compatibility:
-
-
1
Option 1: Cross-Signed Certificate (Recommended)
Install the cross-signed intermediate certificate to maintain compatibility with legacy systems that may not yet trust Sectigo's new root. The cross-signed certificate is included in your certificate folder and can also be downloaded here
This solution ensures your certificate chain is trusted by both modern and legacy client systems.
-
2
Option 2: Re-issue Under Previous Chain (Time-Sensitive)
Request a certificate re-issue under Sectigo's previous intermediate chain.
CRITICAL DEADLINE: This option is only available until December 31st, 2025. After January 1st, 2026, re-issuance under the old chain will no longer be possible.
Important notes:
- Processing takes 1-2 business days
- Do not complete domain validation until we confirm that Sectigo has updated the chain
-
3
Option 3: DigiCert SSL Certificates
DigiCert CA issued products include:
- DigiCert
- GeoTrust
- Thawte
- RapidSSL
- GoGetSSL OV
- GoGetSSL EV
-
*
Need Assistance?
Contact our SSL support team for help determining the best compatibility solution for your environment.
-