TL;DR: FY26 closed with the largest fourth-quarter ARR and more than 100% bookings attainment, while also expanding certificate lifecycle automation, DNS integration, and zero trust email security, according to DigiCert. The signal for practitioners is that trust infrastructure is now operational identity work, not just cryptography management.
NHIMG editorial — based on content published by DigiCert: DigiCert ONE fuels record ARR in breakout fourth quarter, building momentum for continued growth
By the numbers:
- DigiCert reported more than 100% attainment on topline bookings targets.
Questions worth separating out
Q: How should teams govern certificate lifecycle automation at enterprise scale?
A: Treat certificate lifecycle automation as an identity and reliability control, not a backend convenience.
Q: Why do shortening certificate lifespans increase IAM and operations risk?
A: Shorter lifespans reduce the margin for manual intervention, so every missed renewal becomes a possible outage or trust failure.
Q: What should organisations do when PKI and DNS are managed together?
A: They should review change control, access boundaries, and rollback procedures as a single trust workflow.
Practitioner guidance
- Map certificate ownership to business services Create a service-level inventory that links each certificate to an application owner, renewal window, issuing system, and rollback path so no certificate exists outside an accountable lifecycle.
- Review DNS and PKI change boundaries together Assess whether shared automation has blurred separation of duties, approval flow, or emergency change procedures across DNS and certificate management.
- Treat domain authentication as part of IAM policy Align email domain authentication, phishing-resistant controls, and workflow approvals so sender trust is evaluated alongside user and service identity risk.
What's in the full analysis
DigiCert's full report covers the operational detail this post intentionally leaves for the source:
- Quarter-by-quarter financial performance and ARR context behind the FY26 result.
- Specific platform integrations and product additions across certificate and trust lifecycle management.
- Details of the Valimail acquisition and how the combined trust stack is positioned in the market.
- Customer, partner, and analyst references that explain the commercial narrative around the update.
👉 Read DigiCert's FY26 update on DigiCert ONE, ARR growth, and trust automation →
Certificate lifecycle automation is becoming an IAM priority?
Explore further
Certificate lifecycle automation is now identity governance, not just operations. When certificate volumes increase and lifespans shorten, the old assumption that renewals can be managed as an administrative task breaks down. The control problem is no longer only revocation or issuance. It is whether the organisation can prove ownership, timing, and accountability across every machine trust object. Practitioners should treat certificate lifecycle as part of their identity governance baseline.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Our research also found that only 44% of developers are reported to follow security best practices for secrets management, which helps explain why lifecycle controls so often outpace day-to-day behaviour.
A question worth separating out:
Q: How do email authentication controls fit into identity security programmes?
A: Email authentication should be treated as an identity assurance layer because spoofed domains often lead directly to phishing, credential theft, and fraudulent approvals. If the mail channel is weak, human identity controls are weakened too. Align sender validation, phishing resistance, and privileged workflow protections.
👉 Read our full editorial: DigiCert ONE’s ARR surge signals demand for trust automation