As soon as in Google 66, which is scheduled to be released on April 17, 2018, Google plans to distrust all Symantec-issued SSL certificates issued prior to June 1, 2016. What should be done about this?
As it turns out, Symantec SSL certificates do not comply with the industry-standard guidelines. In addition, Symantec had delegated the right to issue its certificates to several organizations (namely Thawte, GlobalSign, GeoTrust, RapidSSL, and Equifax) that did not do the necessary background checks of certain shadowy SSL applicants. In its post from September 11, 2017, Google announces the plan to distrust all Symantec SSL certificates by October 23, 2018.
This 13 month-long grace period was given to allow Symantec to do some internal cleanup, rebuild their infrastructure and deal with the compliance issues. In an response post by Symantec, the corporation agreed to the proposed terms, announced the schedule for the SSL Certificate replacement and provided instructions for its customers on how to deal with the situation.
Source — Symantec.com.
What does this mean for the common Internet users? You have to check if your website is affected by Google distrust. This can be done pretty easily:
- Press F12 on the page of your website to inspect the HTML code.
- If you have a faulty certificate, the warning will be displayed.
- If you encounter such a warning, simply replace the faulty certificates with the ones issued by credible Certificate Authorities without any further penalties for you from Google.
This means the shadowy businesses will most likely not get their certificates reviewed, while the legitimate business owners have nothing to worry about.
As Chrome 66 is supposed to be released on April 17, 2018, you still have some time to replace the certificate, yet the time is running out. Once Chrome 70 is released around October 23, 2018, any Symantec SSL certificates issued from the previous infrastructure will become invalid. Make sure you are on the safe side!
Initially, this story was posted on my company’s blog — https://itsvit.com/blog/google-distrust-symantec-ssl-certificates-important/