Google removing "trust" of certain legacy SSL certificates
by Chris Hall Senior Developer
Posted on February 15, 2018
Towards the end of 2017, Google Chrome created a plan to first reduce and then remove trust (by showing security warnings in the Chrome browser) of all Symantec, Thawte, GeoTrust, and RapidSSL-issued SSL/TLS certificates.
DigiCert took over validation and issuance for all Symantec Website Security SSL/TLS certificates. Going forward, all new and reissued Website Security certificates are issued by DigiCert are to be trusted by Google Chrome. These older certificates will start to be distrusted on either March 15th or September 13th of 2018 (depending on whether they were issued before or after June 1, 2016).
According to the Symantec website "Customers will need to reissue these affected certificates. DigiCert will be reaching out to customers to let them know which of their TLS certificates are affected, and when they need to be reissued. DigiCert will replace affected certificates at no cost."
On or around September 13, 2018, a Chrome 70 beta release will distrust all Symantec SSL/TLS certificates issued after June 1, 2016. Google plans to release the public version mid-October 2018.
We are contacting customers who may be affected by these changes to either re-issue their existing SSL certificates or purchase an alternative (directly or via NXT) to ensure their sites remain secure to Google Chrome.
Should you want to discuss this further with the team, please do get in touch.
About the Author
Chris leads our front end development at NXT, principally involved in all things responsive, animation and anything cool you see on the web. Chris loves nothing more than creating jQuery libraries but when he's not in the office he loves spinning Poi, making his own tunes and the Linton travel tavern. Keep your eyes peeled for "Spinjammin" - coming soon.