February 15, 2019

ECC hierarchy changes

Signature algorithm change

On February 14, 2019, we changed the signature algorithm for the ECC certificates from SHA256ECDSA to SHA384ECDSA in order to meet Mozilla’s root policy. This change applies to both EV ECC and OV ECC certificates.

Intermediate CA change

On February 15, 2019, we replaced “DigiCert ECC Secure Server CA" with “DigiCert Secure Site ECC CA-1” in order to issue ECC certs with SHA256ECDSA.

Type Hierarchy Old Intermediate CA Current Intermediate CA Signature algorithm issued before Feb 14, 2019 Signature algorithm issued on and after Feb 15, 2019
EV ECDSA with RSA root DigiCert ECC Extended Validation Server CA No change sha256ECDSA sha384ECDSA
EV ECDSA with ECC Root DigiCert Extended Validation CA G3 No change sha256ECDSA sha384ECDSA
OV ECDSA with RSA root DigiCert ECC Secure Server CA DigiCert Secure Site ECC CA-1 sha256ECDSA No change
OV ECDSA with ECC Root DigiCert Global CA G3 No change sha256ECDSA sha384ECDSA