With the passing of CA/Browser Forum Ballot SC12: Sunset of Underscores in DNSNames, the industry is retiring underscores ("_") in domain names in public SSL certificates. On January 14, 2019, your existing DigiCert certificates containing underscores will be revoked.
This ballot does not affect Private SSL certificates, nor does it affect other types of digital certificates such as Code Signing, Client, and so on.
Ballot SC12 sets some important dates for the retirement of underscores along with an important provision to help those with an urgent need to continue using underscores for a little bit longer. By May 1, 2019, industry standards mandate that Public SSL certificates must no longer secure domain names with underscores ("_").
For a limited time, CAs are allowed to issue public SSL certificates containing underscores ("_"). This provision is meant to provide you with some extra time to find a permanent migration solution.
However, there are specific guidelines in Ballot SC12 to make sure these certificates are compliant.
Wildcard Certificate Note: If the underscore is present in the left most domain label, use a wildcard certificate instead. A wildcard certificate for *.example.com secures example_domain.example.com and _example.domain.example.com.
For timelines and date specific information:
The preferred solution is to rename the hostnames (FQDNs) that contain underscores and replace the certificates. For situations where renaming is not possible, you can use private certificates and, in some cases, you can use a wildcard certificate that secures the entire domain. For more information, see Underscores not allowed in FQDNs.
DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.
©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.