Filtering by: mozilla x clear
compliance

No action is required on your part.

As of February 13, 2019, DigiCert no longer issues ECC TLS/SSL certificates (i.e., certificates with ECDSA keys) with the curve-hash pair P-384 with SHA-2 512 (SHA-512). This curve-hash pair is not compliant with Mozilla's root store policy.

Mozilla's root store policy supports these curve-hash pairs only:

  • P‐256 with SHA-256
  • P‐384 with SHA-384

Note: Do you have a certificate with a P-384 with SHA-512 curve-hash pair? Don't worry. When it’s time to renew the certificate, it will automatically be issued using a supported curve-hash pair.