[Action Required] Root CA - G3 intermediate certificate serial number issue

13 May 2023 in

Yesterday, Upstream provider CERTUM notified us of an urgent issue with an intermediate certificate [Root CA - G3].

We are writing to inform you that if your certificate was issued by [Root CA - G3] certificate Requires replacement. The serial numbers for these certificates were generated with insufficient entropy, which violates the CA/Browser Forum Baseline (CABF BR). Specifically, CABF BR requires that "CAs SHALL generate Certificate serial numbers greater than zero (0) containing at least 64 bits of output from a CSPRNG."

As a result, CERTUM must reissue your certificate within the next 7 days under CABF BR guidelines. 


Please note that you are required to visit the dashboard to complete the replacement process within 7 days. While the process requires re-verifying domain name control ownership, you can choose HTTP/DNS verification method during the replacement process. You will get a new certificate after verification is complete.;


We will issue you a new certificate valid for 12 months to keep our service reputation as always.


The affected intermediate certificate is: [Root CA - G3]




We apologize for any inconvenience this may cause and encourage you to replace these certificates immediately.