Why do some root and intermediate certificate authorities have "G2" or "G3" in the name?

Question

I have noticed that some root and intermediate CAs have things like "G2" or "G3" in the name.

For example, take the certificate for amazon.com. The intermediate CA is DigiCert Global CA G2, and the root CA is DigiCert Global Root G2.

I understand that "G2" means "Generation 2." But what is the purpose of having a second-generation CA? What changed between the first and second generations?

You can find the response to your question on https://crypto.stackexchange.com/questions/19093/what-does-g2-mean-when-used-with-x509-certficates-and-certificate-authorities#47196 — camp0, May 03 '18 at 15:13

score 0 · Answer 1 · answered May 03 '18 at 15:15

0

Quoted from Tombart's answer on Crypto SE:

Yes, G stands for "Generation". When CA needs to get a new chain they just increment the generation number.

For example GoDaddy's signatures:

G3 - sha256WithRSAEncryption

G4 - ecdsa-with-SHA384

answered May 03 '18 at 15:15

AndrolGenhald

15,436
5
45
50

Why do some root and intermediate certificate authorities have "G2" or "G3" in the name?

1 Answers1