Google announces final plan against Symantec

Google announced its final plan for the Chrome browser to distrust Symantec-branded certificates last week. This decision will affect existing certificates starting April 2018. If you use Symantec certificates (or any of its brands – RapidSSL, Thawte, or GeoTrust) you are going to need to replace your certificates at some point. Below you can find who is affected, why it’s important, and a detailed roadmap with dates.

Who is Affected?

If you are a current user of Symantec certificates or plan to purchase one in 2017, this could affect you.

Why it’s Important?

The Chrome browser is used by about 60% of internet users, and a website with a distrusted certificate risks losing a large portion of its audience. Anyone trying a site with such a certificate will see a “Not Secure” warning in the address bar:

Important Dates

(Approximate) Date	What happens	Action
December 1st, 2017	This is the date is significant because Symantec plans to start issuing certificates together with partner(s). Note: DigiCert recently acquired Symantec’s website security and related PKI solutions. Symantec-brand certificates issued after this date will be issued from different roots and will not be affected by Chrome’s distrust.	As an end user, you may notice some small changes in the issuance process.
March,15 (Beta release) April 17, 2018 (Stable release, the vast majority of Chrome users)	Chrome 66 released, and all Symantec-brand certificates issued before June 1st, 2016, will no longer be trusted by Chrome. Certificates issued after June 1st, 2016 are not affected in this release.	Replace any Symantec-brand certificates issued before June 1st 2016 by this date. This can be done by reissuing your certificate for free and installing the new certificate in place of the old one. If your certificate expires around this time (April-June) you may want to consider renewing it, instead of reissuing, to avoid two replacements within a short time frame.
September 13, 2018 (Beta), October 23, 2018 (Stable, the vast majority of Chrome users)	Chrome 70 will distrust all Symantec-brand certificates which were issued without the partnership (partnership expected to begin December 1, 2017)	Finish replacing all SSL certificates issued from Symantec’s old infrastructure using any trusted CA or from Symantec’s new partnership. Failure to install a new certificate will show visitors using Chrome 70 a warning that the website is not trusted.

(Approximate) Date

What happens

Action

December 1st, 2017

This is the date is significant because Symantec plans to start issuing certificates together with partner(s). Note: DigiCert recently acquired Symantec’s website security and related PKI solutions.

Symantec-brand certificates issued after this date will be issued from different roots and will not be affected by Chrome’s distrust.

As an end user, you may notice some small changes in the issuance process.

March,15 (Beta release)
April 17, 2018 (Stable release, the vast majority of Chrome users)

Chrome 66 released, and all Symantec-brand certificates issued before June 1st, 2016, will no longer be trusted by Chrome.

Certificates issued after June 1st, 2016 are not affected in this release.

Replace any Symantec-brand certificates issued before June 1st 2016 by this date.

This can be done by reissuing your certificate for free and installing the new certificate in place of the old one.

If your certificate expires around this time (April-June) you may want to consider renewing it, instead of reissuing, to avoid two replacements within a short time frame.

September 13, 2018 (Beta), October 23, 2018 (Stable, the vast majority of Chrome users)

Chrome 70 will distrust all Symantec-brand certificates which were issued without the partnership (partnership expected to begin December 1, 2017)

Finish replacing all SSL certificates issued from Symantec’s old infrastructure using any trusted CA or from Symantec’s new partnership.

Failure to install a new certificate will show visitors using Chrome 70 a warning that the website is not trusted.

Action Plan

In summary, no actions are required on your part until Symantec has set up their Managed Partner Infrastructure, which they projected to be on 1 Dec, 2017.

NOTE: All of our affected customers will receive email updates notifying them as action is needed.

You must be logged in to post a comment.

Who is Affected?

Why it’s Important?

Important Dates

Action Plan

Company Info

Services

Products

Support