DigiCert has released a new CA certificate. Systems that do not automatically update and trust new CA certificates may require manual intervention to prevent service disruption. Email communication may be interrupted if the certificate is not trusted before it is used to sign certificates. As SEPPMail appliances do not update and trust new CA certificates automatically, manual uploading and trust are necessary.
DigiCert’s New CA Certificate
This is the newly published CA certificate from DigiCert:
DigiCert Global Root G2
Valid until: 15/Jan/2038
Serial #: 03:3A:F1:E6:A7:11:A9:A0:BB:28:64:B1:1D:09:FA:E5
SHA1 Fingerprint: DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4
SHA256 Fingerprint: CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F
You can download the certificate directly from the DigiCert trusted certificate authority (CA) website.
For security reasons, your SEPPMail Appliance does not automatically update the trusted root CA database. We published another post on this topic back in 2021 due to a newly published root CA certificate.
How to install and trust the certificate on your SEPPMail
- Open the SEPPMail Web GUI and log in as an administrator.
- Open the ‘X.509 Root Certificates‘ menu.
- Use the fingerprint in the box above to search for the SHA256 fingerprint.
- If the fingerprint cannot be found, download the certificate from the above-linked website.
- Click the button labelled ‘Import S/MIME root certificate…‘ at the top right.
- Using the ‘X.509 certificate’ file upload, upload the downloaded certificate to your SeppMail. Select the ‘Automatically trust the imported X.509 Root Certificates‘ checkbox and click ‘Import‘.
- Take this opportunity to check all the other available certificates and clear out your trust store.
