Google to Distrust Symantec SSL Certificates

Thursday 25 January 2018

You will need to take action before March 15, 2018 if you purchased your Symantec SSL certificate prior to June 1, 2016.

Why this is happening

In March 2017, Google and Mozilla felt Symantec had violated industry standards relating to SSL certificate issuance by entrusting several organisations with the ability to issue certificates without the appropriate or necessary oversight.

Discussions between Google, Symantec, and other members of the internet community resulted in a plan to reduce, and ultimately remove, trust in Symantec's infrastructure in order to uphold users' security and privacy when browsing the web.

The plan required Symantec to migrate certificate validation to a Certificate Authority (CA) managed by a third party. In exchange, the Google Chrome browser would continue to trust Symantec certificates validated by the third-party CA.

New CA validation provider

From December 1, 2017, all Symantec SSL certificate brands (Symantec, GeoTrust, Thawte and RapidSSL) will be issued from a new CA validation platform provided by DigiCert, and will be trusted by Google Chrome.

 

To clarify: Symantec SSL certificate brands will continue to exist after December 2017; however, they will be issued from the new CA validation platform.

Existing Symantec SSL certificates

Distrust of all existing Symantec SSL certificates will occur in two stages, coinciding with the release of Chrome version 66 and Chrome version 70.

Stage 1

When Chrome 66 is released (expected March 15, 2018), all Symantec SSL certificates issued before June 1, 2016 will no longer be trusted if proper replacement action has not been taken. This means users of Chrome 66+ will not be able to make an HTTPS connection with your site, and a warning will be displayed.

Stage 2

The second stage will occur with the release of Chrome 70 (expected October 21, 2018), when all Symantec SSL certificates issued from their current roots will no longer be trusted if proper replacement action has not been taken. This means users of Chrome 66+ will not be able to make an HTTPS connection with your site, and a warning will be displayed.

Timeframes and replacement action

To reduce the amount of disruption and effort required, we recommend the following:

SSL certificates issued prior to June 1, 2016 that expire prior to March 15, 2018

• No action required; your certificate will continue to be trusted by Chrome until it expires.

SSL certificates issued prior to June 1, 2016 that expire after March 15, 2018

• You will need to replace your certificate before March 15, 2018.

SSL certificates issued after June 1, 2016 that expire prior to October 21, 2018

• No action required; your certificate will continue to be trusted by Chrome until it expires.

SSL certificates issued after June 1, 2016 that expire after October 21, 2018

• You will need to replace your certificate before October 21, 2018.

SSL certificates issued after December 1, 2017

• No action is required; your certificate was issued from the new CA validation platform.
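
The timeframes above can be checked against a certificate's own dates. The following is an added example, not part of the original article: a Python sketch that reads the text printed by `openssl x509 -noout -issuer -dates` and returns the recommended action. Matching the issuer on the four brand names and treating an expiry on the release day itself as needing replacement are assumptions, and the sample certificate text is constructed.

```python
import re
from datetime import datetime

# Dates and brand names are taken from the article above.
STAGE1_ISSUED_BEFORE = datetime(2016, 6, 1)
NEW_PLATFORM_FROM = datetime(2017, 12, 1)
CHROME_66 = (datetime(2018, 3, 15), "March 15, 2018")
CHROME_70 = (datetime(2018, 10, 21), "October 21, 2018")
BRANDS = ("symantec", "geotrust", "thawte", "rapidssl")

def parse_openssl(text):
    """Pull issuer, notBefore and notAfter out of openssl x509 text output."""
    fields = dict(re.findall(r"^(issuer|notBefore|notAfter)\s*=\s*(.+)$", text, re.M))
    missing = {"issuer", "notBefore", "notAfter"} - fields.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")

    def when(value):
        # openssl pads single-digit days ("Jun  1 ..."); collapse the spaces first.
        return datetime.strptime(" ".join(value.split()), "%b %d %H:%M:%S %Y GMT")

    return fields["issuer"], when(fields["notBefore"]), when(fields["notAfter"])

def required_action(text):
    """Apply the article's timeframes to one certificate."""
    issuer, issued, expires = parse_openssl(text)
    # Assumption: a brand name in the issuer string identifies an affected issuer.
    if not any(brand in issuer.lower() for brand in BRANDS):
        return "not a Symantec-brand issuer: not covered by this article"
    if issued >= NEW_PLATFORM_FROM:
        return "no action: issued from the new CA validation platform"
    deadline, label = CHROME_66 if issued < STAGE1_ISSUED_BEFORE else CHROME_70
    # Assumption: expiry on the release day itself is treated as needing replacement.
    if expires < deadline:
        return "no action: trusted by Chrome until it expires"
    return f"replace before {label}"

# Constructed sample, in the shape printed by `openssl x509 -noout -issuer -dates`.
SAMPLE = """issuer=C = US, O = GeoTrust Inc., CN = GeoTrust Example CA
notBefore=May 10 00:00:00 2016 GMT
notAfter=May 10 23:59:59 2018 GMT
"""

if __name__ == "__main__":
    print(required_action(SAMPLE))
```

The issuer match is only a filter: a certificate chained to one of these brands through an intermediate with a different name would need to be checked by hand.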

 

For more information regarding the security and search engine optimisation benefits provided by SSL certificates, see our blog post SSL Certificates – Tighten Cyber Security and Improve SEO. A product datasheet is also available to download.

 

 

cwcs
