diff --git a/browser/branding/aurora/branding.nsi b/browser/branding/aurora/branding.nsi
index 682fa9fda54f..f3c573733e44 100644
--- a/browser/branding/aurora/branding.nsi
+++ b/browser/branding/aurora/branding.nsi
@@ -24,7 +24,7 @@
 
 # The installer's certificate name and issuer expected by the stub installer
 !define CertNameDownload   "Mozilla Corporation"
-!define CertIssuerDownload "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
+!define CertIssuerDownload "DigiCert SHA2 Assured ID Code Signing CA"
 
 # Dialog units are used so the UI displays correctly with the system's DPI
 # settings.
diff --git a/browser/branding/nightly/branding.nsi b/browser/branding/nightly/branding.nsi
index 636d2f782454..b37853b77643 100644
--- a/browser/branding/nightly/branding.nsi
+++ b/browser/branding/nightly/branding.nsi
@@ -23,7 +23,7 @@
 
 # The installer's certificate name and issuer expected by the stub installer
 !define CertNameDownload   "Mozilla Corporation"
-!define CertIssuerDownload "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
+!define CertIssuerDownload "DigiCert SHA2 Assured ID Code Signing CA"
 
 # Dialog units are used so the UI displays correctly with the system's DPI
 # settings.
diff --git a/browser/branding/official/branding.nsi b/browser/branding/official/branding.nsi
index 94ffbaa98f12..bbdead7e4a33 100644
--- a/browser/branding/official/branding.nsi
+++ b/browser/branding/official/branding.nsi
@@ -28,7 +28,7 @@
 
 # The installer's certificate name and issuer expected by the stub installer
 !define CertNameDownload   "Mozilla Corporation"
-!define CertIssuerDownload "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
+!define CertIssuerDownload "DigiCert SHA2 Assured ID Code Signing CA"
 
 # Dialog units are used so the UI displays correctly with the system's DPI
 # settings. These are tweaked to look good with the en-US strings; ideally
diff --git a/browser/branding/unofficial/branding.nsi b/browser/branding/unofficial/branding.nsi
index 4c52c1d0c0a4..1fc5c12d2af9 100644
--- a/browser/branding/unofficial/branding.nsi
+++ b/browser/branding/unofficial/branding.nsi
@@ -23,7 +23,7 @@
 
 # The installer's certificate name and issuer expected by the stub installer
 !define CertNameDownload   "Mozilla Corporation"
-!define CertIssuerDownload "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
+!define CertIssuerDownload "DigiCert SHA2 Assured ID Code Signing CA"
 
 # Dialog units are used so the UI displays correctly with the system's DPI
 # settings.
diff --git a/other-licenses/nsis/Plugins/InetBgDL.dll b/other-licenses/nsis/Plugins/InetBgDL.dll
index fb9aec978768..6cb91637bda0 100644
Binary files a/other-licenses/nsis/Plugins/InetBgDL.dll and b/other-licenses/nsis/Plugins/InetBgDL.dll differ
diff --git a/taskcluster/gecko_taskgraph/transforms/geckodriver_signing.py b/taskcluster/gecko_taskgraph/transforms/geckodriver_signing.py
index 25f861e662dc..95b8d3dd5408 100644
--- a/taskcluster/gecko_taskgraph/transforms/geckodriver_signing.py
+++ b/taskcluster/gecko_taskgraph/transforms/geckodriver_signing.py
@@ -121,7 +121,7 @@ def make_signing_description(config, jobs):
 
 def _craft_upstream_artifacts(dep_job, dependency_kind, build_platform):
     if build_platform.startswith("win"):
-        signing_format = "autograph_authenticode_202404"
+        signing_format = "autograph_authenticode_sha2"
     elif build_platform.startswith("linux"):
         signing_format = "autograph_gpg"
     elif build_platform.startswith("macosx"):
diff --git a/taskcluster/gecko_taskgraph/transforms/openh264_signing.py b/taskcluster/gecko_taskgraph/transforms/openh264_signing.py
index 74aebbd90b79..00a55dad41ac 100644
--- a/taskcluster/gecko_taskgraph/transforms/openh264_signing.py
+++ b/taskcluster/gecko_taskgraph/transforms/openh264_signing.py
@@ -81,7 +81,7 @@ def make_signing_description(config, jobs):
         }
 
         if "win" in build_platform:
-            upstream_artifact["formats"] = ["autograph_authenticode_202404"]
+            upstream_artifact["formats"] = ["autograph_authenticode_sha2"]
         elif "mac" in build_platform:
             upstream_artifact["formats"] = ["mac_single_file"]
             upstream_artifact["singleFileGlobs"] = ["libgmpopenh264.dylib"]
diff --git a/taskcluster/gecko_taskgraph/transforms/repackage_signing.py b/taskcluster/gecko_taskgraph/transforms/repackage_signing.py
index d4106efb2924..66c1f87d7018 100644
--- a/taskcluster/gecko_taskgraph/transforms/repackage_signing.py
+++ b/taskcluster/gecko_taskgraph/transforms/repackage_signing.py
@@ -29,10 +29,10 @@ repackage_signing_description_schema = Schema(
 )
 
 SIGNING_FORMATS = {
-    "target.installer.exe": ["autograph_authenticode_202404_stub"],
-    "target.stub-installer.exe": ["autograph_authenticode_202404_stub"],
-    "target.installer.msi": ["autograph_authenticode_202404"],
-    "target.installer.msix": ["autograph_authenticode_202404"],
+    "target.installer.exe": ["autograph_authenticode_sha2_stub"],
+    "target.stub-installer.exe": ["autograph_authenticode_sha2_stub"],
+    "target.installer.msi": ["autograph_authenticode_sha2"],
+    "target.installer.msix": ["autograph_authenticode_sha2"],
 }
 
 transforms = TransformSequence()
diff --git a/taskcluster/gecko_taskgraph/transforms/repackage_signing_partner.py b/taskcluster/gecko_taskgraph/transforms/repackage_signing_partner.py
index 5f7c893e9276..e3940fd84669 100644
--- a/taskcluster/gecko_taskgraph/transforms/repackage_signing_partner.py
+++ b/taskcluster/gecko_taskgraph/transforms/repackage_signing_partner.py
@@ -93,7 +93,7 @@ def make_repackage_signing_description(config, jobs):
                     "paths": [
                         get_artifact_path(dep_job, f"{repack_id}/target.installer.exe"),
                     ],
-                    "formats": ["autograph_authenticode_202404", "autograph_gpg"],
+                    "formats": ["autograph_authenticode_sha2", "autograph_gpg"],
                 }
             ]
 
@@ -113,7 +113,7 @@ def make_repackage_signing_description(config, jobs):
                                 f"{repack_id}/target.stub-installer.exe",
                             ),
                         ],
-                        "formats": ["autograph_authenticode_202404", "autograph_gpg"],
+                        "formats": ["autograph_authenticode_sha2", "autograph_gpg"],
                     }
                 )
         elif "mac" in build_platform:
diff --git a/taskcluster/gecko_taskgraph/util/signed_artifacts.py b/taskcluster/gecko_taskgraph/util/signed_artifacts.py
index 302a2e09f7e6..61dad14abf9b 100644
--- a/taskcluster/gecko_taskgraph/util/signed_artifacts.py
+++ b/taskcluster/gecko_taskgraph/util/signed_artifacts.py
@@ -98,14 +98,14 @@ def generate_specifications_of_artifacts_to_sign(
                 "artifacts": [
                     get_artifact_path(job, "{locale}/setup.exe"),
                 ],
-                "formats": ["autograph_authenticode_202404"],
+                "formats": ["autograph_authenticode_sha2"],
             },
             {
                 "artifacts": [
                     get_artifact_path(job, "{locale}/target.zip"),
                 ],
                 "formats": [
-                    "autograph_authenticode_202404",
+                    "autograph_authenticode_sha2",
                     "autograph_widevine",
                     "autograph_omnija",
                 ],
diff --git a/taskcluster/kinds/repackage-msix/kind.yml b/taskcluster/kinds/repackage-msix/kind.yml
index 2b5f682ceb1e..96ff07c77c13 100644
--- a/taskcluster/kinds/repackage-msix/kind.yml
+++ b/taskcluster/kinds/repackage-msix/kind.yml
@@ -101,8 +101,8 @@ jobs:
                                 # level 3 repositories, some build types are expected to
                                 # be signed with our fake certificate.
                                 by-build-platform:
-                                    .*-shippable: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=San Francisco, S=California, C=US"
-                                    .*-devedition: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=San Francisco, S=California, C=US"
+                                    .*-shippable: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=Mountain View, S=California, C=US"
+                                    .*-devedition: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=Mountain View, S=California, C=US"
                                     default: "CN=Mozilla Fake SPC"
             publisher-display-name:
                 by-package-format:
diff --git a/taskcluster/kinds/repackage-shippable-l10n-msix/kind.yml b/taskcluster/kinds/repackage-shippable-l10n-msix/kind.yml
index 8c7cff523b81..021896a7ad91 100644
--- a/taskcluster/kinds/repackage-shippable-l10n-msix/kind.yml
+++ b/taskcluster/kinds/repackage-shippable-l10n-msix/kind.yml
@@ -102,8 +102,8 @@ jobs:
                                 # level 3 repositories, some build types are expected to
                                 # be signed with our fake certificate.
                                 by-build-platform:
-                                    .*-shippable: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=San Francisco, S=California, C=US"
-                                    .*-devedition: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=San Francisco, S=California, C=US"
+                                    .*-shippable: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=Mountain View, S=California, C=US"
+                                    .*-devedition: "CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=Mountain View, S=California, C=US"
                                     default: "CN=Mozilla Fake SPC"
             publisher-display-name:
                 by-package-format: