DigiCert High Assurance EV Root CA Intermediate Certificate
Symptom
Resolution
DigiCert SSL certificates expiring after January 2011 are issued from a 2048 bit certificate path. The Root Certificate in this path is titled "DigiCert High Assurance EV Root CA" and is already trusted by all modern browsers (Internet Explorer, Firefox, Safari, Opera, Chrome, etc.)
To maintain widespread compatibility with older browsers and some mobile devices, DigiCert provides a Cross-Signed Intermediate Certificate which enables legacy devices to follow the intermediate certificate chain to the "Entrust.net Secure Server Certification Authority" Root Certificate. This Cross-Signed certificate appears in your Intermediate Certification Authorities certificates store in Windows. Its Subject is "DigiCert High Assurance EV Root CA" and its Issuer is "Entrust.net Secure Server Certification Authority."
- Update the end user's browser.
- Check if there is any difference between the intermediate DigiCert High Assurance EV Root CA presented by the server/website and the same certificate present in the Device > Certificate Management > Certificates > Default Trusted Certificate Authorities