Skip to main content

DigiCert To Buy Symantec's CA Business For Roughly $1 Billion

When life gives you lemons... sell those lemons to someone else for almost $1 billion. That appears to be Symantec's thinking, anyway, because it announced that DigiCert has agreed to acquire its "Website Security and related PKI solutions" for $950 billion in cash. (Symantec will also receive a 30% stake in DigiCert's common stock when the deal closes.) Among those solutions: Symantec's problematic Certificate Authority (CA) division.

It might sound weird to call what is apparently a $1 billion business a "lemon," but the problems with Symantec's CA work run deep. Since late 2015, the company has been sparring with Google over whether or not Symantec-issued certificates should be trusted by Chrome, Android, et al. Now, it seems that instead of trying to solve the issue, Symantec's going to hand off the business to DigiCert and make a cool billion in the process.

The problems started when Google discovered in October 2015 that Symantec issued a rogue certificate for the "google.com" domain. Symantec and Google looked into the problem, and after some back and forth, the companies found more than a hundred certificates issued for domains without their controlling organizations' knowledge. They also learned that 2,458 certificates were issued for domains that were never registered.

These are serious mistakes. CAs and the certificates they distribute underpin the protections that make sure your connections to websites are secure. That system only works if the certificates can be trusted, and the rogue certificates issued by Symantec undermined that trust. Yet the problems didn't stop there: In December 2015, Google removed a Symantec root certificate from Chrome and Android because Symantec decided not to support the CA/Browser Forum’s Baseline Requirements with its root certificates. That was a deal-breaker for Google, so away the trust went.

Things escalated further when Google announced in March that it will gradually distrust certificates issued by Symantec. This time it was because Symantec improperly issued 30,000 certificates over the last few years. Google also immediately stopped recognizing Symantec's Extended Validation certificates and said it wouldn't re-trust (if that's a word) them for at least a year. Things were looking glum for Symantec's CA business.

Symantec responded in April by coming up with an 11-point transparency plan meant to show Google how important its certificates are to many website operators. The move was likely supposed to convince Google to reconsider its stance because of the effect it could have on popular sites. Google didn't show any signs of budging, however, which probably led to Symantec's decision to sell off the problematic business to DigiCert.

In its announcement, Symantec said its board of directors unanimously approved the deal with DigiCert. The deal is expected to close in Q3 2018.

  • ko888
    ... DigiCert has agreed to acquire its "Website Security and related PKI solutions" for $950 billion in cash.

    How is "$950 billion" roughly $1 Billion?
    Reply
  • Kennyy Evony
    the rest of it is in stocks. read the damn article
    Reply
  • Ashraf_17
    Makes sense, since Symantec was in denial of wrongdoing, remember Comodo has raised their stake by giving free certificate to Symantec customers
    Reply
  • ko888
    20020198 said:
    the rest of it is in stocks. read the damn article

    You should learn to understand what you're reading.

    I read the original press release from Symantec Corp. it clearly states that it is "approximately $950 million in upfront cash proceeds and approximately a 30 percent stake in the common stock equity".

    Notice it's $950 million not $950 billion.
    Reply
  • gasaraki
    VVV
    Reply
  • gasaraki
    20018939 said:
    ... DigiCert has agreed to acquire its "Website Security and related PKI solutions" for $950 billion in cash.

    How is "$950 billion" roughly $1 Billion?

    It's a typo. It's supposed to be $950 million.
    Reply
  • jtd871
    I hope that Digi-Cert knows how the fraudulent certificates were issued so it can avoid the mistakes going forward, otherwise Google could just blacklist them, too.
    Reply
  • brandonjclark
    Yeah, Google has a right to talk. They can't even renew their certs on time!
    Reply
  • mlee 2500
    Let's not quibble over a mere nine hundred forty-nine billion fifty million $$
    Reply
  • Kennyy Evony
    20020568 said:
    20020198 said:
    the rest of it is in stocks. read the damn article

    You should learn to understand what you're reading.

    I read the original press release from Symantec Corp. it clearly states that it is "approximately $950 million in upfront cash proceeds and approximately a 30 percent stake in the common stock equity".

    Notice it's $950 million not $950 billion.
    when figures get that high everything else is just details.
    Reply