Hey Friends,

The upcoming releases of Google Chrome September 2018 time frame is said to no longer trust certain Symantec, Thawte, GeoTrust, and RapidSSL SSL/TLS certificates. Chrome users will see “Not secure” in the address bar when connecting to websites using a distrusted certificate.

The folks over at Qualys wrote:

Google finalized their plans for staged deprecation of Symantec certificates. The process began in March 2017 when Google had announced on the Blink mailing list that they had lost confidence about Symantec’s certificate issuance policies and practices of recent years. The initial deprecation proposal was very strict and looked like it would completely paralyze Symantec, ending with limiting their certificates to validity time of less than one year.”

Ref:  https://blog.qualys.com/ssllabs/2017/09/26/google-and-mozilla-deprecating-existing-symantec-certificates

You can check your site for this issue by going to Symantec’s SSL Checker site: https://www.websecurity.symantec.com/support/ssl-checker

Preparing for Browser Distrust

On March 15, 2018, the beta of Chrome version 66 will be released and the legacy Symantec certificates will no longer be trusted (again, this only affects Symantec certificates issued before June 1, 2016). Chrome Beta is only used by a fraction of Chrome’s overall user base, but we still consider it significant enough that we are striving to replace affected certificates before that date. The “Stable” release—the main version used by consumers—follows a month later.

Firefox will distrust the same set of certificates later in the year. You are not required to take action for each specific browser—replacing your certificate once is all that’s needed.

These certificates must be reissued and replaced before the March 15 deadline in order to avoid untrusted certificate errors on Chrome beta, which will interrupt website service and obstruct visitors to your site.

The process for replacing affected certificates will be extremely similar to how you renewed or ordered certificates in the past. You’ll need to submit an order/certificate request, complete validation.

Replace Your Symantec SSL/TLS Certificates

This information keeps changing so here is a link to get the latest details as they are updated:

https://www.digicert.com/replace-your-symantec-ssl-tls-certificates/