DigiCert will stop trusting G1 root certificates (including TLS/SSL end-entity certificates) on April 15, 2026, per their announcement. This change may impact connectivity to Oracle Autonomous AI Database Serverless (ADB-S) for customers using mutual TLS (mTLS) authentication.
This post explains what’s changing, who is affected, and the steps to take to avoid application downtime.
What’s happening on April 15, 2026?
On April 15, 2026, DigiCert will distrust G1 root certificates. ADB-S mTLS wallets generated up to January 28, 2026 use G1 root certificates. As a result, wallets generated before January 28, 2026 will stop working after April 15, 2026 – which may prevent existing applications, tools, or services from connecting to your database.
Who is impacted?
You are impacted only if:
- You use mTLS authentication (i.e., wallet-based connections), and
- Your application/tool/service uses a wallet generated before January 28, 2026.
If you are using TLS authentication (also known as walletless connections), no action is needed.
What has Oracle changed?
As of January 28, 2026, Autonomous AI Database Serverless began issuing wallet zip files using newer-generation G2 root certificates supported by DigiCert.
What do you need to do?
If you are using mTLS authentication, you must do the following before April 15, 2026:
- Re-download your database wallet zip file
- Update your applications, tools, and/or services to use the new wallet
Note that a wallet rotation is not required, and your existing wallet (with older G1 certificates) will continue to work until April 15,2026.
Oracle recommends using TLS authentication (also known as walletless connections). TLS authentication does not require any wallet downloads.