Notifications
Clear all
Topic starter
25/06/2026 3:00 pm
TL;DR: Legacy partner portals and APIs for GeoTrust, RapidSSL, Symantec, Thawte and Encryption Everywhere will reach end of life between late 2019 and April 2020, while active certificates remain valid until expiry unless revoked, according to DigiCert. The security issue is not certificate validity but workflow continuity, data export, and migration planning across partner portals and APIs.
NHIMG editorial — based on content published by DigiCert: Big Changes Coming to Legacy Partner Portals and API
Questions worth separating out
Q: What breaks when a certificate portal is retired before all workflows move over?
A: The main failure mode is not certificate expiry, but loss of administrative reach.
Q: Why do legacy certificate APIs create governance risk during platform migrations?
A: Legacy APIs become risk when they are embedded in scripts, partner integrations, or middleware that no one inventories properly.
Q: How should teams handle certificate data before a portal end of life?
A: Teams should export the historical records they still need for audit, customer support, and incident response before access disappears.
Practitioner guidance
- Inventory every legacy dependency Identify all partner portals, APIs, scripts, and downstream systems that still depend on the legacy certificate workflow before the shutdown window closes.
- Validate replacement API workflows Test order placement, renewal, revocation, and inventory functions against the new API and confirm that partner automation still completes end to end.
- Export historical certificate records Pull inactive, expired, and revoked certificate data out of the legacy portal so audit evidence and customer history survive the decommissioning.
What's in the full article
DigiCert's full blog post covers the operational detail this post intentionally leaves for the source:
- Brand-by-brand EOL dates for the legacy partner portals and APIs so teams can sequence migration work.
- Implementation guidance for moving partner workflows into CertCentral without losing certificate visibility or order handling.
- Advice on exporting non-active certificate data and old order history before legacy access disappears.
- Support channels and account-management steps for partners that need early testing access.
👉 Read DigiCert's migration notice for legacy partner portals and APIs →
Legacy partner portal EOLs: what certificate teams need to plan?
Explore further
25/06/2026 4:17 pm
Certificate portal decommissioning is a lifecycle governance event, not just a hosting change. The core risk is that operational identity paths can outlive the platform they depend on, creating a gap between valid certificates and reachable administration. That gap matters because certificate governance includes issuance, renewal, revocation, and audit evidence, not only cryptographic validity. Practitioners should treat the shutdown as a lifecycle control transition, not a website migration.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
A question worth separating out:
Q: Who is accountable when partner certificate workflows are still on a legacy platform?
A: Accountability sits with the teams that own the lifecycle, not only the teams that run the platform. Certificate operations, partner management, and security governance must jointly confirm that migration, data retention, and access continuity are complete before the final shutdown date.
👉 Read our full editorial: Legacy partner portal EOLs create certificate migration risk
