You will need to take action before March 15, 2018 if you purchased your Symantec SSL certificate prior to June 1, 2016
Why this is happening
In March 2017, Google and Mozilla felt Symantec had violated industry standards relating to SSL certificate issuance, by entrusting several organisations with the ability to issue certificates without the appropriate or necessary oversight.
Discussions by Google, Symantec, and other members of the internet community, resulted in a plan to reduce, and ultimately remove trust in Symantec’s infrastructure in order to uphold users’ security and privacy when browsing the web.
The plan required Symantec to migrate certificate validation to a third party managed Certificate Authority (CA). In exchange, the Google Chrome browser would continue to trust Symantec certificates validated by the third party CA.
New CA validation provider
From December 1, 2017, all Symantec SSL certificate brands (Symantec, GeoTrust, Thawte and RapidSSL) will be issued from a new CA validation platform provided by DigiCert, and will be trusted by Google Chrome.
To Clarify: Symantec SSL certificate brands will continue to exist after December 2017, however, they will be issued from the new CA validation platform.
Existing Symantec SSL certificates
Distrust of all existing Symantec SSL certificates will occur in two stages, coinciding with the release of Chrome version 66 and Chrome version 70.
Stage 1When Chrome 66 is released (expected March 15, 2018) all Symantec SSL certificates issued before June 1st, 2016 will no longer be trusted if proper replacement action has not been taken. Meaning, users of Chrome 66+ will not be able to make an HTTPS connection with your site, and a warning will be displayed.
Stage 2The second stage will occur with the release of Chrome 70 (expected October 21, 2018). All Symantec SSL certificates issued from their current roots will no longer be trusted if proper replacement action has not been taken. Meaning, users of Chrome 66+ will not be able to make an HTTPS connection with your site, and a warning will be displayed.
Timeframes and replacement action
To reduce the amount of disruption and effort required, we recommend the following:
SSL Certificates issued prior to June 1, 2016 and expire prior to March 15, 2018
• No action required, your certificate will continue to be trusted by Chrome until it expires.
SSL Certificates issued prior to June 1, 2016 and expire after March 15, 2018
• You will need to replace your certificate before March 15, 2018.
SSL Certificates issued after June 1, 2016 and expire prior to October 21, 2018
• No action required, your certificate will continue to be trusted by Chrome until it expires.
SSL Certificates issued after June 1, 2016 and expire after October 21, 2018
• You will need to replace your certificate before October 21, 2018.
SSL Certificates issued after December 1, 2017
• No action is required, your certificate was issued from the new CA validation platform
As a precaution, we will contact you if your Symantec SSL certificate has not been replaced before October 2018.
If you would like to discuss this in more detail, please call 0808 133 3247 or you can raise a support ticket by clicking on the button below.
CWCS are here to look after your online infrastructure, so you can look after your business!
Saturday, January 20, 2018
