As I have reported before, Symantec has had problems with its server SSL certificate business for years and was on double-super probation. Symantec bought its certificate business mostly from Verisign in 2010 for about 1.2 billion dollars. It also bought the certificate businesses of Thawte, Equifax and others
Last month it sold that business to Digicert, a move that was designed to preserve its equity. It sold that business for $950 million plus a minority stake in Digicert.
But now the other shoe is dropping.
The reason Symantec was in trouble was that the browser vendors didn’t trust the security of the certificates that were issued before June 2016.
OK, so what is there to do.
First, each browser maker does its own thing. Except, Chrome has the largest share of the browser market, so what Chrome does is more important than what anyone else does and, for the most part, everyone will follow what Chrome does in this case.
As of December 1 of this year, Chrome will no longer trust any NEW certificates issued by Symantec after this date. That means that if your web server uses a Symantec certificate issued on December 2, when a user visits that site, Chrome will pop up a warning saying that the site is not to be trusted.
Starting with Chrome version 66 which should be released around April 1, 2018, no Symantec certificate issued before June 1, 2016 will be trusted.
Finally, When Chrome 70 is released in October 2018, NO Symantec certificates will be trusted at all.
So, for those of you webmasters that bought Symante certificates – for certificates bought before June 2016, you have until early next year to replace those server certificates and for those of you who bought Symantec certificates after June 2016, you have until late 2018 to replace your certificates.
Since most people buy certificates that last one, two or three years, some of this will be solved by attrition, but we were examining one certificate today that expires TEN years in the future.
If you don’t know what vendor your certificates came from please reach out to us and we will be happy to assist you.
Information for this post came from ZDNet.