On January 21, 2021, GlobalSign upgraded the intermediate certificate used to issue DV (Domain Validation) SSL certificates. All GlobalSign DV SSL certificates issued through Alibaba Cloud Certificate Management Service before this date were revoked and re-issued. If you hold an affected certificate, download the replacement and redeploy it to your server.
What changed
To comply with CA/Browser Forum security requirements, GlobalSign replaced the intermediate certificate for DV SSL certificates:
Previous intermediate certificate: GlobalSign RSA DV SSL CA 2018
New intermediate certificate: GlobalSign GCC R3 DV TLS CA 2020
GlobalSign recommendation
Generate a new key pair, reissue your DV SSL certificate, and redeploy it. The reissued certificate chains to the new intermediate certificate.
Alibaba Cloud response
All GlobalSign DV SSL certificates issued through Alibaba Cloud Certificate Management Service before 00:00:00 (UTC+8), January 21, 2021 were revoked. GlobalSign re-issued all affected certificates by January 22, 2021. Alibaba Cloud replaced the revoked certificates with the newly issued versions.
Required action
Log on to the SSL Certificates Service console.
Download the newly issued certificate.
Deploy the new certificate to your server, replacing the original certificate.
If you do not redeploy the certificate, HTTPS access to your website fails.
If you encounter issues during deployment, contact Alibaba Cloud technical support.
Compensation
If your certificates were revoked due to this upgrade, you receive 50% off the list price on your next GlobalSign DV SSL certificate renewal.