DigiCert announced on Oct. 31 that is has completed the $950 million acquisition of Symantec’s website security and PKI (Public Key Infrastructure) business assets, which include the company’s SSL/TLS certificates.
The deal was first announced on Aug. 3, with the goal to help improve the PKI infrastructure for Symantec’s certificates, which had been under scrutiny by Google and other web browser vendors.
“The whole point in putting these two companies (DigiCert and Symantec) together is about consolidating the technical side of the business,” John Merrill, DigiCert CEO told eWEEK. “Some of the platforms on the Symantec side were a bit older and had been called in to question by Google, while our platforms are generally more modern.”
Symantec had originally acquired the website security and SSL/TLS certificate business from VeriSign for $1.28 billion in 2010. The business unit also includes SSL/TLS certificates sold under the associated brands of Thawte, GeoTrust and RapidSSL. SSL/TLS certificates are a foundational element of internet security, helping to enable both encryption as well as authenticity for websites.
Merrill said that his firm has been busy trying to get all the different functions of the SSL/TLS certificate businesses into a single consolidated platform. For example, he noted that if an organization orders an SSL/TLS certificate, the consolidated DigiCert platform will authenticate the person asking for the certificate and then issue the certificate. The DigiCert platform was updated in recent years to support Internet of Things (IOT) devices, which requires a greater scale for certificate issuance than traditional IT devices.
“We had already updated our infrastructure on the issuance and validation side to be able to handle IoT and that also allowed us to be able to absorb the Symantec business,” Merrill said.
The biggest driver of the acquisition for DigiCert is the fact that Google has publicly stated its intention to distrust Symantec’s root authority for certificates, and as such Merrill said that there is now a migration of certificates to the DigiCert root authority.
“Obviously we wouldn’t have done this transaction unless we had some conversations with Google to make sure this deal wouldn’t be something that would hinder the SSL market going forward,” Merrill said. “From what they’ve told us, they (Google) are pleased with the process, as DigiCert has a reputation for being a cryptography leader.”
For existing Symantec SSL/TLS certificate customers, Merrill said that DigiCert now has a combined customer service team. Part of the plan is to make sure that the people that Symantec customers are already comfortable working with and have worked with for years, remain in place.
The acquisition of Symantec’s SSL business isn’t the first certificate business that DigiCert has acquired. In June 2015, DigiCert acquired the CyberTrust Enterprise SSL business from Verizon Enterprise Solutions. Merrill noted that there were some lessons learned from that acquisition that had helped his company with the Symantec integration.
“The main lesson we learned is that you have to pick a technology or single platform and run with it,” Merrill said. “If you try and keep the different platforms, it becomes very complex and you leave yourself open to errors.”
The SSL/TLS certificate business is a competitive market with multiple vendors all aiming to grow share. Francisco Partners announced on Oct. 31 that it is acquiring the SSL/TLS assets from Comodo Group to create a new standalone business that will compete directly against DigiCert.
“The nice thing about this deal is at DigiCert we have always had a singular focus on getting better and improving our products, this deal with Symantec now gives us the scale to that much more quickly,” Merrill said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.