User Login | FTP Login | Privacy
Careers | Contact Us

Home ยป Security Certificate Help

Security Certificate Help

Security Certificate Update

On August 2, 2017, DigiCert announced that it was purchasing all website and public key infrastructure (PKI) services from Symantec. This acquisition included Symantec subsidiaries Thawte, GeoTrust and RapidSSL. Once the transition was complete, a subsequent announcement was released notifying customers that, effective November 30, 2017, all certificates issued from DigiCert and its subsidiaries would use a new public key infrastructure (PKI) hierarchy.

What Was Changed?

The following changes will go into effect on March 13, 2018, when the National Student Clearinghouse renews our Extended Validation Certificate for

  • DigiCert High Assurance EV Root CA (SHA1) will replace Thawte Primary Root CA (SHA1)
  • DigiCert EV RSA CA 2018 (SHA256) will replace Thawte EV SSL CA – G3 Intermediate CA (SHA256)

Do I Need to Do Anything?

If you are accessing the National Student Clearinghouse directly using a web browser and operating system that has been fully patched, you should not be affected by this change. Edge, Internet Explorer, Firefox, Chrome, Safari, and most other current web browsers trust sites that use SSL certificates for secure communications using certificate authority (CA) trust chains, which are updated automatically when the browser is patched.

However, your IT department may need to make changes if you are experiencing connection problems and your application or service is configured to trust only the following:

  • Thawte Primary Root CA
  • Thawte EV SSL CA – G3 Intermediate CA

Resolving Connection Problems

If you are having problems connecting to our services or have an application that is accessing the National Student Clearinghouse through the URL, we recommend you take one of the following actions.

Solution 1: Reconfigure your application to use The certificate used for SSL communication to this site does not expire until March 10, 2019. However, secureapi currently uses the same Root CA and Intermediate CA that uses today. As a result, solution 1 only postpones the need for you to implement solution 2 until next year.

Solution 2: Download the following certificates and add them to your trust store. You may need to right-click the links below and select “Save target as…” in some browsers.

Incorporating the certificate into your systems to ensure your applications and services can communicate securely with varies considerably from one technology to another. The following links may provide some guidance:

Additional Helpful Links


Visit our self-service Help Center


Call us at 703-742-4200
M-Th: 9am-7pm, ET
F: 9am-5pm, ET
Online Contact Form


Visit the site created just for you!