Replace Symantec Issued Certificates Ahead Of Chrome 66

Symantec recently announced that DigiCert, the world’s most respected scalable identity and an established provider of encryption solutions, will acquire Symantec’s Website security, as well as PKI solutions. The announcement did not take many by surprise because many clients were already losing faith in Symantec. It goes without saying though, that the announcement comes at a time when businesses have no choice but to be wary of cyber security threats that infiltrate the web every day.

What’s in the deal?

For starters, the acquisition is, by all means, a good thing for DigiCert customers. The sole reason here being the fact that when it comes to delivering safe identity and encryption solutions, DigiCert is a name many already trust. The brand is also associated with innovative solutions and unparalleled support.

Unfortunately, there seems to be a problem already! Just how will the transition take place? Although simple, many would find this question a difficult one to answer. Not for DigiCert though. The company after all is innovative.

To ensure that the transition takes place seamlessly, Symantec Website Security is now reaching out to people and businesses that may be affected or have already been affected by their move. This is in a bid to ensure that the continuity of online business is not disturbed and that no one halts his or her services in the name of a cyber-security breach. As a matter of fact, the company wants to ensure that no one is affected in any way.

Google Proposal Background

On the 27th of July 2017, Google came up with a plan for all TLS server certificates issued by Symantec. The plan featured specific dates that would affect quite a number of operations on the world wide web. The critical dates included:

• 1st December 2017 – All Symantec SSL and TLS certificated were supposed to have been issued from a new PKI infrastructure by this date. That was and still is, the only way Google Chrome would trust such certificates.

• 15th March 2018 – This had everything to do with Chrome 66 Beta or if you may, the Google Chrome66 update. Google Chrome has been sending prompts to users whose sites are secured with SSL and TLS certificates. Websites that have certificates issued before 1st July 2016, would see the warning signs. One important thing to note here is that nothing will have been lost by the time you see the warning. Your data encryption will still function properly and your security will not be at risk.

• 13th September 2018 – This is around the time that Google will launch Chrome 70 Beta. Google Chrome will show a warning for sites secured with SSL/TLS certificates issued by Symantec’s existing PKI infrastructure. Again, your security won’t be compromised and your data encryption will work just fine. Your site visitors will however, be distracted by a warning shown by Google Chrome.

It is important to note that on the 1st of August 2017, Mozilla Firefox announced that it would follow the time-line Google proposed. Google went on to reconfirm its timelines on the 11th of September 2017. That did not leave DigiCert customers with much of a choice.

What to do

Symantec evaluated all certificates to ensure that businesses comply with browser requirements. They planned to ensure that by the time they handed over operations to DigiCert, no one’s business had been affected. So where exactly does this leave Chrome 66 users? From the aforementioned timelines, certificates issues before June 1 2006 should have been replaced by March 15 2018. DigiCert embarked on an ambitious outreach project to ensure that affected customers enjoy a seamless transition.

The fact that DigiCert offers free replacement certificates to help users avoid disruptions and warning signs while using HTTPs sites is a big statement from the company. It appears that they actually mean business when they say they do not want anyone to be affected. It also appears that they are moving systematically with Google’s timelines. All one needs to do is visit a Symantec portal for a free certificate. This will last for a certain validity period, so yeah, there is a need to rush before the free offer ends. A free web tool is available, so you do not need to worry about how to find out if your certificate has been affected. Enter your domain name and the web tool will inform you if you are using a certificate that needs to be replaced. The tool can help any business identify any certificate that will be affected by the release of Chrome 70 as well as Firefox 63, slated for later this year.

What is next for Chrome 66 users?

The most appropriate answer would be, ‘Don’t worry, everything’s under control’. That is if all the aforementioned plans by Google, Symantec and Digicert are anything to go by. As a Chrome 66 user, you should be keen on the launch of the Google Chrome66 update, which happens to be April 17th 2018. Note that you can replace your certificate through other certificate providers if you wish. This could be for a fee though.

As soon as Chrome 66 is released, the browser’s developer tools will immediately begin noting certificates that Chrome 66’s distrust. Google has without a doubt taken a tough stance on certificates issued by Symantec. Chrome 70 will also come along with the same measures. Just like Chrome 66, the browser is designed to distrust any certificate that was issued by Symantec’s old infrastructure.

What happens if one does not comply?

One will feel the pinch as soon as Chrome 70 launches. According to Google, Chrome 70 will get rid of Symantec’s old infrastructure and any certificate it has issued. This move alone is enough to make one realize what Google actually feels about Symantec’s alleged security violations. It also says a lot about Google’s commitment to ensure that Chrome Users feel safe. Can the same be said of Mozilla? That’s a whole new story for another day – so far so good though. Just like Google, they have taken the necessary measures. Focus now shifts to Chrome 70 and whether they will live up to the hype and stand out as a success, or not.