Symantec announced on Aug. 2 that it is selling its website security and public key infrastructure (PKI) technologies to DigiCert for $950 million in cash and a 30 percent stake in DigiCert’s common stock equity. The deal is set to close in the third quarter of fiscal year 2018.
Symantec’s website security and PKI business includes the Secure Sockets Layer/Transport Layer Security (SSL/TLS) security certificate business unit that Symantec originally acquired from VeriSign for $1.28 billion in 2010. The business unit also includes SSL/TLS certificates sold under the associated brands of Thawte, GeoTrust and RapidSSL.
DigiCert itself was acquired by private equity firm Thoma Bravo and TA Associates in August 2015. Thoma Bravo is no stranger to Symantec either, having sold Blue Coat, which it had acquired in March 2015, to Symantec in June 2016 for $4.65 billion.
“DigiCert is solely focused on providing leading SSL and PKI solutions,” Symantec CEO Greg Clark said during his company’s first-quarter 2018 earnings call.
Symantec reported first-quarter fiscal 2018 revenue of $1.17 billion for a $33 percent year-over-year gain.
“With this transaction, we believe DigiCert will have the resources needed to lead the next generation of global website security,” Clark said. “We will receive a minority ownership stake in DigiCert at the closing of the transaction, allowing Symantec to continue to participate in the value created by this transaction and ensure a successful transition for the customers of our website security and related PKI solutions.”
For DigiCert, the acquisition of the Symantec SSL/TLS certificate business is the company’s second in the last two years. In June 2015, DigiCert acquired the CyberTrust Enterprise SSL business from Verizon Enterprise Solutions. DigiCert includes IBM, Sony, Facebook VMware, Intel and Harvard University among its customer base.
The sale of the SSL/TLS certificate business comes after months of dispute between Symantec and browser vendors including Google and Mozilla about certificate issuance practices. In March 2017, Google warned Symantec that it would distrust all Symantec SSL/TLS certificates if certain protective security measures for certificate issuance were not taken.
During his company’s earnings call, Clark said the DigiCert acquisition accelerates the transition to a new PKI platform at DigiCert that meets all industry standards and browser requirements.
“During our discussion with the browsers, our goal has been to minimize the impact to our customers, and we believe this transaction achieves that goal and commitment,” Clark said.
John Merrill, CEO of DigiCert, is also confident that his company can meet the SSL/TLS requirements that the browser vendors wanted from Symantec.
“Importantly, we feel confident that this agreement will satisfy the needs of the browser community,” Merrill wrote in a blog post. “DigiCert is communicating this deal and its intentions to the browser community and will continue to work closely with them during the period leading up to our closing the transaction.”