DigiCert explained

DigiCert, Inc.
Type:Private company
Location City:Lehi, Utah, U.S.
Num Locations:12
Num Employees:1,000+
Area Served:Worldwide
Industry:Internet security, Public key infrastructure, IoT security
Subsid:CyberTrust
GeoTrust
QuoVadis
RapidSSL
Thawte
Mocana
DNS Made Easy

DigiCert, Inc. is a digital security company headquartered in Lehi, Utah.[1] DigiCert provides public key infrastructure (PKI) and validation required for issuing digital certificates or TLS/SSL certificates, acting as a certificate authority (CA) and trusted third party.

History

DigiCert was founded by Ken Bretschneider in 2003.[2] [3] Bretschneider served as CEO and chairman of the board until 2012 when he was appointed Executive chairman and Nicholas Hales became CEO.[4] In 2016, the company named John Merrill CEO,[5] who left the company in 2022.

In 2005, DigiCert became a founding member of the CA/Browser Forum.[6]

In 2007, DigiCert partnered with Microsoft to develop the industry's first multi-domain (SAN) certificate.[7] [2]

In 2015, DigiCert acquired the Cyber Trust Enterprise SSL business from Verizon Enterprise Solutions, becoming the world's second-largest certificate authority for high-assurance or extended validation (EV) TLS/SSL certificates.[8]

On August 28, 2015, private equity firm Thoma Bravo acquired a majority stake in DigiCert, with TA Associates holding a minority share.[9]

In 2017, DigiCert acquired the TLS/SSL and PKI businesses from Symantec, including brands Geo Trust, Rapid SSL (part of Geo Trust), Thawte and Verisign[10] The acquisition resulted from questions first raised in 2015 by web browsers Google and Mozilla about the authenticity of certificates issued by Symantec, which represented one-third of all TLS/SSL certificates on the web.[11] [12] In September 2017, Google and Mozilla announced they would "reduce, and ultimately remove, trust in Symantec's Root Keys in order to uphold user's security and privacy when browsing the web."

The final distrust deadline for certificates chaining to Symantec roots was set for October 2018.[13] Symantec agreed to transfer its certificate business to its top TLS/SSL competitor, DigiCert, whose roots were trusted by browsers.[14] In December 2017, DigiCert began issuing free replacements for all distrusted certificates from Symantec, Geo Trust, Rapid SSL, Thawte, and VeriSign. By Oct. 2018, the company had revalidated more than 550,000 organizational identities and issued more than 5 million replacement certificates for affected customers.[15]

In 2018, DigiCert acquired QuoVadis, a trust service provider (TSP) headquartered in Switzerland offering qualified digital certificates, PKI services, and Primo Sign electronic signature software.[16] Qualified digital certificates from QuoVadis (now backed by DigiCert) comply with EIDAS, a set of EU standards for electronic transactions requiring legal proof of authentication. The EU Payment Services Directive mandated that banks and other financial institutions operating in Europe begin using qualified digital certificates by Jun. 2019. According to DigiCert, "the QuoVadis acquisition aligns with the company's vision of providing globally dispersed and robust PKI-based solutions with local support."[17]

In 2019, the company announced a new R&D division called DigiCert Labs, "an initiative dedicated to researching and developing innovative approaches to security challenges."[18] DigiCert Labs will collaborate with other enterprise labs – including Microsoft Research, Utimaco, ISARA, and Gemalto – and make grants to universities for the study of topics related to authentication, data integrity, encryption and identity. Initial research projects will focus on post-quantum cryptography and machine learning.[19] In 2019, DigiCert also launched the first post-quantum computing tool kit.[20]

In 2019, Clearlake Capital Group, L.P., a leading private investment firm, and TA Associates, an existing investor, reached an agreement to make a strategic growth investment in DigiCert. As part of the transaction, Clearlake and TA Associates become equal partners in the company.[21] [22]

In January 2022, DigiCert acquired IoT security company Mocana.[23] In June 2022, the company acquired DNS Made Easy, a DNS services provider.[24]

On October 19, 2022, DigiCert named Dr. Amit Sinha as CEO and board member.[25] Amit had previously led technology and innovation at the cloud security company Zscaler the previous 12 years.

Industry Involvement

DigiCert is involved in industry and regulatory groups and projects,[26] [27] [28] such as:

Criticism

DigiCert Inc. is not related to Digicert Sdn. Bhd, a Malaysian-based certification authority that issues certificates with weak keys and had its trust revoked by web browsers.[40] [41] [42]

In 2019, Google security researcher Scott Helme found approximately a million dollars worth of extended verification certificates that needed to be revoked due to faulty data, a significant portion of which were DigiCert certificates.[43]

In 2022, DigiCert was condemned by Scott Helme for pushing[44] QWAC scheme of certificate similar to EV certificates that undermined trust in certificates.[45] [46] [47]

Notes and References

  1. Web site: Editorial . 2022-05-06 . Meet Digicert A Leading Global Provider Of Digital Trust Enabling Individuals And Businesses To Engage Online With The Confidence . 2023-03-29 . Tech Company News . en-US.
  2. Web site: History of Innovation DigiCert . 2023-01-27 . www.digicert.com . en-US.
  3. Anstey. Tom. 2018. Interview - Ken Bretschneider and Josh Shipley. Attractions Management. 2018. 4. 35.
  4. https://archive.sltrib.com/article.php?id=53925270&itype=CMSID “Utah’s DigiCert reorganizes its management”
  5. https://www.heraldextra.com/business/local/digicert-names-ceo-green-house-center-anniversary-utah-labor-market/article_ee0d820f-f132-5021-b261-8ef510fcf94d.html “DigiCert names CEO”
  6. Web site: Members . 2023-01-27 . CAB Forum . en-US.
  7. Web site: DigiCert Fact Sheet . digicert.com.
  8. https://www.digicert.com/news/2015-06-23-digicert-acquires-verizon-business/ “DigiCert Acquires Verizon Enterprise SSL Business”
  9. Web site: Thoma Bravo Invests in Security Firm DigiCert. Sean Michael Kerner. 2015-08-28. Eweek.com. 2015-12-25.
  10. News: Raymond . Art . Lehi's DigiCert swallows web security competitor in $1 billion deal . 21 May 2020 . Deseret News . 3 August 2017.
  11. Sharwood, Simon. “Symantec offloads its certs and web security biz to DigiCert”. The Register. Retrieved 2019-03-05.
  12. Constantin, Lucian. “To punish Symantec, Google may distrust a third of the web’s SSL certificates”. Computerworld. Retrieved 2019-03-05.
  13. https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html “Chrome’s Plan to Distrust Symantec Certificates”
  14. https://www.eweek.com/security/digicert-closes-acquisition-of-symantec-s-website-ssl-security-unit "DigiCert Closes Acquisition of Symantec's Website SSL Security Unit"
  15. DigiCert works with its customers and partners to successfully move past Google's distrust of Symantec TLS certificates . . 2019-03-01.
  16. Web site: Kent . Jonathan . 2018-10-31 . QuoVadis to be sold to US firm DigiCert . 2022-08-24 . www.royalgazette.com . en-US.
  17. Barker, Sara. “DigiCert’s QuoVadis acquisition extends PKI expertise in Europe”. SecurityBrief EMEA. Retrieved 2019-03-05.
  18. https://www.prnewswire.com/news-releases/digicert-labs-to-innovate-new-security-technologies-that-address-emerging-threats-through-collaboration-with-academic-and-industry-research-300787847.html “DigiCert Labs to innovate new security technologies that address emerging threats through collaboration with academic and industry research”
  19. Barker, Sara. “DigiCert Labs to research postquantum cryptography and ML”. SecurityBrief EMEA. Retrieved 2019-02-28.
  20. Web site: DigiCert Announces Post-Quantum Computing Tool Kit DigiCert.com . 2023-01-27 . www.digicert.com . en-US.
  21. Web site: News TA. TA Associates. en. 2019-07-16.
  22. Web site: CLEARLAKE CAPITAL GROUP AND TA ASSOCIATES TO MAKE A STRATEGIC GROWTH INVESTMENT IN DIGICERT. 2019-07-09. Clearlake Capital. en-US. 2019-07-16.
  23. Web site: DigiCert acquires Mocana to bolster IoT security. Sawers. Paul. VentureBeat. 13 January 2022 . 27 January 2022.
  24. Web site: Graham . Patrick . 2022-06-09 . DigiCert Acquires DNS Made Easy . 2022-08-24 . www.themiddlemarket.com . en-US.
  25. Web site: 2022-10-19 . DigiCert Appoints Industry Veteran Amit Sinha as Chief Executive Officer . 2022-10-24 . www.prnewswire.com . en-US.
  26. Web site: Industry Partnerships DigiCert.com . 2023-06-06 . www.digicert.com . en-US.
  27. Web site: DigiCert Company Culture . 2023-06-06 . www.digicert.com . en-US.
  28. Web site: News . Industry . 2020-05-22 . DigiCert named 2020 Global Company of the Year in TLS certificate market by Frost & Sullivan . 2023-06-06 . Help Net Security . en-US.
  29. Web site: ThePKIGuy . 2020-05-19 . The PKI Guy talks standards with Dean Coclin, chair of the ASC X9 PKI study group . 2023-06-06 . PKI Solutions LLC . en-US.
  30. Web site: Frazier . Ambria . 2019-12-04 . ASC X9 Revives PKI Working Group To Address New Public Key Infrastructure Needs . 2023-06-06 . Accredited Standards Committee X9 . en-US.
  31. Web site: 2018-03-08 . DigiCert selected to provide Root CA for AeroMACS . 2023-06-06 . Datacentre Solutions . en.
  32. Web site: APWG DigiCert . 2023-06-06 . en-US.
  33. Web site: DigiCert Root CA First Approved for Matter Device Attestation by Connectivity Standards Alliance DigiCert . 2023-06-06 . www.digicert.com . en-US.
  34. https://www.digicert.com/content/dam/digicert/pdfs/ci-plus-tv-case-study.pdf
  35. Web site: kgwynn . Member List . 2023-06-06 . DirectTrust . en-US.
  36. Inc . DigiCert . DigiCert and Eonti Selected by the Western Canadian NG9-1-1 Network Operator to Secure the Next Generation 9-1-1 Systems . 2023-06-06 . www.prnewswire.com . en.
  37. Web site: DigiCert . DigiCert Joins NIST Consortium on Effective TLS Server Certificate Management . 2023-06-06 . DigiCert . en-US.
  38. Web site: NCCoE Announces Technology Collaborators for the Migration to Post-Quantum Cryptography Project NCCoE . 2023-06-06 . www.nccoe.nist.gov. 15 July 2022 .
  39. Web site: SAE International Hires World-Class Contractor Team for EV Charging Public Key Infrastructure Cooperative Research Project . 2023-06-06 . www.sae.org . en.
  40. Web site: SSL Certificate Support - Entrust, Inc . 2015-12-25 . Entrust.net.
  41. https://blog.mozilla.org/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/ Revoking Trust in DigiCert Sdn. Bhd Intermediate Certificate Authority
  42. https://technet.microsoft.com/en-us/security/advisory/2641690 Microsoft Security Advisory (2641690)
  43. Web site: Helme . Scott . 11 September 2019 . Extended Validation not so... extended? How I revoked $1,000,000 worth of EV certificates! . live . 2022-03-24. https://web.archive.org/web/20190911211517/https://scotthelme.co.uk/extended-validation-not-so-extended/ . 2019-09-11 .
  44. Web site: Helme . Scott . 4 January 2022 . If it looks like a duck, swims like a duck, and QWACs like a duck, then it's probably an EV Certificate . 24 March 2022.
  45. Web site: Mozilla and the EFF publish letter about the danger of Article 45.2 The Mozilla Blog . 2022-03-24 . blog.mozilla.org . en-US.
  46. Web site: Experts urge EU not to force insecure certificates in web browsers . 2022-03-24 . BleepingComputer . en-us.
  47. Web site: Callas . Alexis Hancock and Jon . 2022-02-09 . What the Duck? Why an EU Proposal to Require "QWACs" Will Hurt Internet Security . 2022-03-24 . Electronic Frontier Foundation . en.