DigiCert Root and Intermediate CA Certificate Change and your Heroku App


DigiCert will start issuing public TLS/SSL certificates from G2 root and intermediate CA certificate hierarchies. This may affect your Heroku apps if they satisfy any of the following conditions:

  1. Pins custom ICA/Root certificates
  2. Hard-codes the acceptance of ICA/Root certificates
  3. Bundles their own trust store

If your app does any of the above, you'll likely have issues interacting with the Heroku API (api.heroku.com) or any services that use DigiCert-issued SSL certificates.


We recommend performing the following actions:

  • Update your custom certificate bundle and redeploy your app
  • Avoid pinning or hard-coding root or ICA certificate acceptance or make the necessary changes to ensure certificates issued from the G2 certificate hierarchy are trusted i.e. they can chain up to their trusted G2 root certificate

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support