Security Experts:

Connect with us

Hi, what are you looking for?



Symantec to Sell Certificate Business to DigiCert for $950 Million

After reaching an agreement with Google regarding penalties for misissued digital certificates, Symantec announced on Wednesday that it has made a deal with DigiCert to sell its website security and related public key infrastructure (PKI) solutions.

After reaching an agreement with Google regarding penalties for misissued digital certificates, Symantec announced on Wednesday that it has made a deal with DigiCert to sell its website security and related public key infrastructure (PKI) solutions.

DigiCert has agreed to pay Symantec $950 million in cash and a stake of roughly 30 percent in common stock equity of the DigiCert business. The transaction has been approved unanimously by Symantec’s board of directors and is expected to be completed in the third quarter of fiscal 2018.

DigiCert will continue to operate under the supervision of CEO John Merrill from its headquarters in Lehi, Utah, where it will employ more than 1,000 people. With the acquisition of Symantec’s certificate business, the company is expected to bring new approaches to the TLS market and benefit from growth opportunities in IoT.

Symantec has come under fire recently for misissued TLS certificates, and Google and other web browser vendors have been discussing penalties.

Google announced recently that certificates issued by Symantec and its partners before June 1, 2016, will need to be replaced by March 15, 2018. All other certificates need to be replaced until the release of Chrome 70, currently scheduled for release in October 2018.

Google said Symantec could still issue digital certificates, but only through the infrastructure of a subordinate certificate authority (SubCA). A few weeks ago, Symantec said it had been trying to find a partner and informed customers that the new infrastructure should be set up by December 1.

It appears Symantec has decided to abandon its website security business altogether, but promised customers an easy transition.

“We carefully examined our options to ensure our customers would have a world-class experience with a company that offers a modern website PKI platform and is poised to lead the next generation of website security innovation,” said Symantec CEO Greg Clark. “I’m thrilled that our customers will benefit from a seamless transition to DigiCert, a company that is solely focused on delivering leading identity and encryption solutions. Symantec is deeply committed to the success of this transition for our customers.”

Some of Symantec and DigiCert’s competitors have taken the opportunity to get Symantec customers concerned about potential disruptions to join them.

Comodo has published a blog post warning Symantec customers of the consequences of moving to DigiCert.

“DigiCert does not have the same infrastructure as Symantec, as a much smaller Certificate authority it never had the need to,” Comodo said. “Therefore, the eventual platform migration poses a huge execution and technology risk for all Symantec Enterprise customers and channel partners.”

Related: Mozilla Tells Symantec to Accept Google’s CA Proposal

Related: Symantec to Acquire Mobile Security Firm Skycure

Related: Symantec to Acquire Threat Isolation Startup Fireglass

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.