DigiCert, Inc. is a digital security company headquartered in Lehi, Utah. DigiCert provides public key infrastructure (PKI) and validation required for issuing digital certificates or TLS/SSL certificates, acting as a certificate authority (CA).
History

DigiCert was founded by Ken Bretschneider in 2003 and sold in 2012. Bretschneider stepped down from the position of CEO to retain business strategy oversight as executive board chairman while Nicholas Hales became CEO. In 2016, the company named John Merrill CEO, who left the company in 2022.
In 2005, DigiCert became a founding member of the CA/Browser Forum.
In 2007, DigiCert partnered with Microsoft to develop the industry's first multi-domain (SAN) certificate.
In 2015, DigiCert acquired the CyberTrust Enterprise SSL business from Verizon Enterprise Solutions. Following the acquisition, DigiCert expanded its market share in high-assurance or extended validation (EV) TLS/SSL certificates.
On August 28, 2015, private equity firm Thoma Bravo acquired a majority stake in DigiCert, with TA Associates holding a minority share.
In 2017, DigiCert acquired the TLS/SSL and PKI businesses from Symantec, including brands GeoTrust, Rapid SSL (part of GeoTrust), Thawte and Verisign.
The acquisition resulted from questions first raised in 2015 by web browsers Google and Mozilla about the authenticity of certificates issued by Symantec, which represented one-third of all TLS/SSL certificates on the web. In September 2017, Google and Mozilla announced they would "reduce, and ultimately remove, trust in Symantec's Root Keys in order to uphold user's security and privacy when browsing the web".
The final distrust deadline for certificates chaining to Symantec roots was set for October 2018. Symantec agreed to transfer its certificate business to its top TLS/SSL competitor, DigiCert, whose roots were trusted by browsers. In December 2017, DigiCert began issuing free replacements for all distrusted certificates from Symantec, GeoTrust, RapidSSL, Thawte, and VeriSign. By Oct. 2018, the company had revalidated more than 550,000 organizational identities and issued more than 5 million replacement certificates for affected customers.
In 2018, DigiCert acquired QuoVadis, a trust service provider (TSP) headquartered in Switzerland offering qualified digital certificates, PKI services, and PrimoSign electronic signature software. Qualified digital certificates from QuoVadis (now backed by DigiCert) comply with eIDAS, a set of EU standards for electronic transactions requiring legal proof of authentication. The EU Payment Services Directive mandated that banks and other financial institutions operating in Europe begin using qualified digital certificates by Jun. 2019. According to DigiCert, "the QuoVadis acquisition aligns with the company's vision of providing globally dispersed and robust PKI-based solutions with local support."
In 2019, the company announced a new R&D division called DigiCert Labs. DigiCert Labs will collaborate with other enterprise labs – including Microsoft Research, Utimaco, ISARA, and Gemalto – and make grants to universities for the study of topics related to authentication, data integrity, encryption and identity. Initial research projects will focus on post-quantum cryptography and machine learning. In 2019, DigiCert also launched the first post-quantum computing tool kit.
In 2019, Clearlake Capital Group, L.P., a leading private investment firm, and TA Associates, an existing investor, reached an agreement to make a strategic growth investment in DigiCert. As part of the transaction, Clearlake and TA Associates became equal partners in the company.
In January 2022, DigiCert acquired IoT security company Mocana. In June 2022, the company acquired DNS Made Easy, a DNS services provider.
On October 19, 2022, DigiCert named Dr. Amit Sinha as CEO and board member.
Sinha had led technology and innovation at the cloud security company Zscaler for the previous 12 years.
Industry involvement
DigiCert is involved in industry and regulatory groups and projects, such as:
* Accredited Standards Committee X9 (ASC X9)
* Aeronautical Mobile Airport Communication System (AeroMACS)
* Anti-Phishing Working Group (APWG)
* CA/Browser Forum
* CableLabs
* Connectivity Standards Alliance
* CI+
* DirectTrust.org
* Internet Engineering Task Force (IETF)
* International Organization for Standardization (ISO)
* National Emergency Number Association, 9-1-1 (NENA-911)
* NIST National Cyber Security Center of Excellence (NCCoE)
* Society of Automotive Engineers (SAE) International
Criticism
DigiCert Inc. is not related to Digicert Sdn. Bhd, a Malaysian-based certification authority that issued certificates with weak keys and had its trust revoked by web browsers.
DigiCert faced criticism during its 2017 acquisition of Symantec's certificate business. The acquisition was prompted by concerns from major web browsers about the authenticity of certificates issued by Symantec, leading to a reduction in trust for Symantec's root keys. DigiCert moved Symantec customers to its platform while maintaining the validity of existing certificates during the transition.
In 2019, Google security researcher Scott Helme found approximately a million dollars' worth of extended validation certificates that needed to be revoked due to faulty data, a significant portion of which were DigiCert certificates.
In 2022, DigiCert was condemned by Scott Helme for pushing the QWAC certificate scheme, similar to EV certificates, that undermined trust in certificates.