Certificate Migration

For those of you who might be using a single certificate in an embedded device to access a program update repository, we found out too late that GitHub was migrating from the DigiCert High Assurance EV Root to the DigiCert Global Root. Last I knew they were not done with the migration because api.github.com used DigiCert Global Root and raw.usercontent.com used DigiCert High Assurance EV Root. We are working with GitHub Developer Support on a solution so I would encourage anyone with the same issue to contact support.
Gary K

Good news from GitHub today for those who need to migrate certificates in an embedded device. Read below:
Gary

GitHub (GitHub Support)

Mar 25, 2021, 8:32 AM UTC

Hi Kobi and Gary,

We are in discussion with our certificate provider to see what options they can provide us. Depending on what the answers will be, we’ll have one of the following scenarios:

We’re able to roll out a certificate tied to the old root as a one time exception until that certificate expires. This means that you will have time to roll it over and fix the update mechanism.

If they are not able to help, we’ll revert to the old certificate for a few days so you all can upgrade.

So regardless of the situation, we can make sure that at minimum for the next work week the old CA will be used and you can update the devices.

The time window will be Monday to Thursday of next week (Monday 08:00 UTC - Thursday 15:00 UTC) .

Independent of what options we end up having on our side, you should be able to use this window to upgrade your devices to ensure future upgrades work as well.

Depending on which of the above scenarios happens, the window might be significantly longer, but this is the minimum we can guarantee right now so that you all can prepare sooner rather than later.

Let me know if you have any questions or concerns about this plan.

Best regards,
Steve