Google distrust of Symantec SSL certificates. Why is it important?

Written by FedakV | Published 2018/04/16
Tech Story Tags: ssl | ssl-certificate | devops | cybersecurity | google


As soon as Chrome 66, which is scheduled for release on April 17, 2018, Google plans to distrust all Symantec SSL certificates issued prior to June 1, 2016. What should be done about this?

As it turns out, Symantec SSL certificates do not comply with the industry-standard guidelines. In addition, Symantec had delegated the right to issue its certificates to several organizations (namely Thawte, GlobalSign, GeoTrust, RapidSSL, and Equifax) that did not do the necessary background checks of certain shadowy SSL applicants. In its post from September 11, 2017, Google announced the plan to distrust all Symantec SSL certificates by October 23, 2018.

This 13-month grace period was given to allow Symantec to do some internal cleanup, rebuild its infrastructure and deal with the compliance issues. In a response post, Symantec agreed to the proposed terms, announced the schedule for the SSL certificate replacement and provided instructions for its customers on how to deal with the situation.

Source — Symantec.com.

What does this mean for ordinary Internet users? You have to check whether your website is affected by the Google distrust. This can be done pretty easily:

  • Press F12 on the page of your website to inspect the HTML code.
  • If you have a faulty certificate, a warning will be displayed.
  • If you encounter such a warning, simply replace the faulty certificates with the ones issued by credible Certificate Authorities without any further penalties for you from Google.
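For more than a handful of sites, the same check can be scripted. The following is an added example, not code from the original article: it parses the output of `openssl x509 -noout -issuer -startdate` and applies the dates given above. The host names, the sample output and the issuer-name list are constructed assumptions, matching on the issuer name is a first-pass triage rather than the way Chrome itself decides, and the Chrome 70 result assumes the certificate came from the previous infrastructure.

```python
from datetime import datetime, timezone

# Issuer-name substrings treated as Symantec-run brands. Assumption for this
# example: adjust the list to the issuers found in your own inventory.
LEGACY_BRANDS = ("symantec", "thawte", "geotrust", "rapidssl", "equifax")
# Cut-off from the article: Chrome 66 distrusts certificates issued before it.
CHROME_66_CUTOFF = datetime(2016, 6, 1, tzinfo=timezone.utc)

# Constructed sample output of `openssl x509 -noout -issuer -startdate`,
# keyed by placeholder host names.
SAMPLES = {
    "shop.example": "issuer=C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3\n"
                    "notBefore=Mar  3 00:00:00 2016 GMT\n",
    "blog.example": "issuer=C = US, O = Symantec Corporation, "
                    "CN = Symantec Class 3 Secure Server CA - G4\n"
                    "notBefore=Feb 14 00:00:00 2017 GMT\n",
    "api.example": "issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3\n"
                   "notBefore=Jan 10 12:00:00 2018 GMT\n",
}


def parse_x509_text(text):
    """Return (issuer, not_before) parsed from the openssl output lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("issuer", "notBefore"):
            fields[key] = value.strip()
    if len(fields) != 2:
        raise ValueError("expected both issuer= and notBefore= lines")
    # OpenSSL pads single-digit days with an extra space; collapse it first.
    stamp = " ".join(fields["notBefore"].split())
    when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
    return fields["issuer"], when.replace(tzinfo=timezone.utc)


def first_distrusting_release(issuer, not_before, brands=LEGACY_BRANDS):
    """Return the first Chrome release that rejects the certificate, or None."""
    if not any(brand in issuer.lower() for brand in brands):
        return None
    return "Chrome 66" if not_before < CHROME_66_CUTOFF else "Chrome 70"


def audit(samples):
    """Map each host to the release that will distrust its certificate."""
    return {host: first_distrusting_release(*parse_x509_text(text))
            for host, text in samples.items()}


if __name__ == "__main__":
    for host, release in audit(SAMPLES).items():
        print(f"{host}: {release or 'no legacy issuer name matched'}")
```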

This means the shadowy businesses will most likely not get their certificates reviewed, while the legitimate business owners have nothing to worry about.

As Chrome 66 is supposed to be released on April 17, 2018, you still have some time to replace the certificate, yet time is running out. Once Chrome 70 is released around October 23, 2018, any Symantec SSL certificates issued from the previous infrastructure will become invalid. Make sure you are on the safe side!

Initially, this story was posted on my company’s blog — https://itsvit.com/blog/google-distrust-symantec-ssl-certificates-important/


Published by HackerNoon on 2018/04/16