Review the G1 root removal advisory
Identify TLS/SSL certificates chained to DigiCert G1 roots that require reissue or renewal before April 15, 2026.
Important
On April 15, 2026, Mozilla and Google Chrome removed DigiCert G1 roots from their trust stores. TLS certificates that chain solely to DigiCert G1 roots lost browser trust in Chrome and Firefox on this date. Reissue or renew affected certificates using the DigiCert G2 or G3 root immediately.
For Enterprise, Partner, and Legacy accounts:
In the CertCentral main menu, go to Reports > Build a report.
Select Orders as the report category and select Next.
In the Specify certificate requested date range menu, select All certificates to current date.
Under Certificate details, select Intermediate CA, Intermediate CA ID, and Root.
Under Format, select CSV, JSON, or Excel.
Enter a report name and select Build report.
When ready, download the report.
In the Validity end date column, filter to show certificates expiring after April 14, 2026.
In the Root column, identify certificates chained to DigiCert G1 roots.
For Subscription accounts:
In the CertCentral main menu, go to Reports > Build a report.
Follow steps 2 through 9 above to build and download the Orders report.
To reissue affected certificates, go to My Digital Trust Products > Certificates and select the certificate order.
Reissue affected certificates
Reissue any certificates identified as chaining to G1 roots to replace them with certificates using the DigiCert G2 or G3 root.
Notice
This advisory replaces the March 2023 ICA certificate expiration advisory which is no longer current. If you have previously actioned the March 2023 advisory, confirm your certificates are now chaining to G2 or G3 roots using the report above.