Symantec SSL Certificates

Rod Jacka - Thursday, February, 22, 2018

Executive Summary

Summary of the Situation

The Chrome team no longer trust previously issued Symantec certificates, and DigiCert have been selected as the new primary provider of SSL certificate infrastructure.

Symantec will maintain their role as an issuer of certificates, but DigiCert will manage the ‘Managed Partner Infrastructure’ on their behalf.

Technically Symantec are now selling certificates with this ‘new’ infrastructure, so certificates purchased from them can be renewed.
However, given the situation we recommend going straight to DigiCert.

April 17th 2018:

Chrome 66 scheduled for release, which removes trust in Symantec-issued certificates issued prior to June 1st 2016

October 23rd 2018:

Chrome 77 is scheduled for release, which removes trust in all ‘old’ Symantec-issued certificates issued on or after June 1st 2016

How to check SSL Certificate Status

Step 1) Visit the website using Chrome

Step 2) Open Developer Tools and refresh

(CTRL+SHIFT+I) ← (letter i, not L) or F12

Step 3) Review the Console

If the SSL certificate in use was issued prior to June 1st 2016, the console will display this message: (M66, must be replaced by mid April)

If the SSL certificate was issued on or after June 1st 2016, the console will display this message: (M70, must be replaced by mid October)

Full Background Information

Google Security Blog – Chrome’s Plan to Distrust Symantec Certificates

This article provides a full overview of the situation.

Key details:

Comment

Your email address will not be published. Required fields are marked *

Search