Updating IP addresses for OCSP and CRL services: what organizations should know
On March 10, 2026, DigiCert will incorporate new IPv4 and IPv6 addresses for its certificate health validation services. Organizations using allowlists will need to update their network rules to ensure operational continuity.
DigiCert announced that on March 10, 2026, at 1:00 PM (Argentina time, UTC-3), it will implement an upgrade to its validation services infrastructure, including the Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL). The upgrade incorporates new IPv4 addresses and assigns dedicated IPv6 addresses, with the goal of strengthening its operational capacity and improving service availability.
This change may impact organizations that use allowlists to control outbound traffic in firewalls, proxies, or security groups. In these cases, it will be necessary to update network rules and incorporate the new IP addresses before the implementation date. Failure to do so may cause certain DigiCert services to stop responding correctly, affecting the validation of the status of digital certificates used within the organization.
DigiCert has made available a document with complete details of both new and existing IP addresses to facilitate this update: DigiCert Certificate Status IP Addresses. This document explains the scope of the changes and their impact on different environments.
For organizations that do not use allowlists, no action is required.
At CertiSur, we recommend reviewing your network configurations in advance and, if you have any questions, contacting our support team to assess the impact and ensure a smooth transition.