Opayo DigiCert Migration Update
August 7, 2025 · AI Conversations
—
**Opayo Certificate Update: Migration to DigiCert on 27th May**
As Entrust certificates will no longer be supported, **Opayo will be migrating all our certificates to DigiCert**. The planned migration date for the new DigiCert certificates is **27th May**.
You can learn more about the background of this change here:
[Google Security Blog – Sustaining Digital Certificate Security](https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html)
**Who is DigiCert?**
DigiCert is a leading Certificate Authority (CA) globally recognized for secure and reliable digital certificates. In fact, DigiCert previously held Opayo's certificates around four years ago.
**Do I need to take any action?**
Please ensure that your systems **trust DigiCert root and intermediate CA certificates**.
If you're not sure, we recommend consulting your **developer**, **technology partner**, or **shopping cart provider** to confirm your trust store includes DigiCert.
—
Let me know if you need a more technical checklist or a client email draft.
—
### **1. On a Linux Server (e.g., Ubuntu/Debian/CentOS)**
Run the following command to search the certificate store:
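```bash
# On Debian/Ubuntu this bundle is bare base64 PEM with no labels, so decode the subjects before searching
openssl crl2pkcs7 -nocrl -certfile /etc/ssl/certs/ca-certificates.crt | openssl pkcs7 -print_certs -noout | grep -i digicert
```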
Or check with:
```bash
ls /etc/ssl/certs | grep -i digicert
```
If using `update-ca-certificates` (Debian/Ubuntu):
```bash
sudo update-ca-certificates --fresh
```
—
### **2. On Windows Server**
1. Open **MMC** (Run `mmc.exe`)
2. Go to **File > Add/Remove Snap-in**
3. Add **Certificates** for **Computer Account**
4. Navigate to:
– **Trusted Root Certification Authorities > Certificates**
– **Intermediate Certification Authorities > Certificates**
5. Look for certificates issued by **DigiCert** (e.g., *DigiCert Global Root CA*, *DigiCert SHA2 High Assurance Server CA*)
—
### **3. For PHP-based Servers**
If you're using **cURL or OpenSSL**, check the CA bundle path in your `php.ini`:
```ini
curl.cainfo = "/path/to/cacert.pem"
openssl.cafile = "/path/to/cacert.pem"
```
Open the `cacert.pem` file and search:
```bash
grep -i digicert cacert.pem
```
If not found, download the latest CA bundle from:
https://curl.se/ca/cacert.pem
—
### **4. For Node.js Applications**
If you're using Node.js, it usually inherits the OS trust store. But you can also manually verify trusted CAs by inspecting the Node.js CA file:
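```js
// globalAgent.options.ca is undefined unless set by hand; tls.rootCertificates is the root CA list compiled into Node.js (PEM strings)
console.log(require('tls').rootCertificates.map(pem => new (require('crypto').X509Certificate)(pem).subject).filter(s => /digicert/i.test(s)));
```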
Or check with OpenSSL:
```bash
openssl s_client -connect example.com:443 -showcerts
```
Look for DigiCert entries in the certificate chain.
—
### **5. On cPanel/WHM or Shared Hosting**
Contact your hosting provider or check **WHM > SSL > Manage SSL Hosts**. You may also check the **CA Bundle** under installed SSLs to see if DigiCert is listed.
—
Let me know your specific environment (e.g., Ubuntu server, cPanel, Windows, etc.), and I’ll give you a precise command or path.