Google announces final plan to distrust Symantec

Google has announced its final plan to distrust Symantec certificates.

Google announced its final plan for the Chrome browser to distrust Symantec-branded certificates last week. This decision will affect existing certificates starting April 2018.

If you use Symantec certificates (or any of its brands – RapidSSL, Thawte, or GeoTrust) you are going to need to replace your certificates at some point.

At Openprovider, we want to make this replacement process as clear as possible to you as a customer. Below, you can find whether this affects you and why this is important. We have also created a detailed roadmap with dates for you to consult.

Does Google ‘s plan affect you?

If you are a current user of Symantec certificates or plan to purchase one in 2017, this could affect you.

Why it is important?

About 60% of internet users use the Chrome browser. A website with a distrusted certificate risks losing a large portion of its audience. Anyone trying a site with such a certificate will see a “Not Secure” warning in the address bar. So, in this case, you lose risking a lot of possible visitors and customers.

Important dates in Google’s plan

Below you can find a roadmap of important dates in Google ‘s final plan to distrust Symantec certificates:

(Approximate) Date	What happens	Action
December 1st, 2017	This date is significant because Symantec plans to start issuing certificates together with partner(s). Note: DigiCert recently acquired Symantec’s website security and related PKI solutions. Symantec-brand certificates issued after this date will be issued from different roots and will not be affected by Chrome’s distrust.	As an end user, you may notice some small changes in the issuance process.
March,15 (Beta release) April 17, 2018 (Stable release, the vast majority of Chrome users)	Chrome 66 released, and all Symantec-brand certificates issued before June 1st, 2016, will no longer be trusted by Chrome. Certificates issued after June 1st, 2016 are not affected in this release.	Replace any Symantec-brand certificates issued before June 1st 2016 by this date. This can be done by reissuing your certificate for free and installing the new certificate in place of the old one. If your certificate expires around this time (April-June) you may want to consider renewing it, instead of reissuing, to avoid two replacements within a short time frame.
September 13, 2018 (Beta), October 23, 2018 (Stable, the vast majority of Chrome users)	Chrome 70 will distrust all Symantec-brand certificates which were issued without the partnership (partnership expected to begin December 1, 2017)	Finish replacing all SSL certificates issued from Symantec’s old infrastructure using any trusted CA or from Symantec’s new partnership. Failure to install a new certificate will show visitors using Chrome 70 a warning that the website is not trusted.

(Approximate) Date

What happens

Action

December 1st, 2017

This date is significant because Symantec plans to start issuing certificates together with partner(s).

Note: DigiCert recently acquired Symantec’s website security and related PKI solutions.

Symantec-brand certificates issued after this date will be issued from different roots and will not be affected by Chrome’s distrust.

As an end user, you may notice some small changes in the issuance process.

March,15 (Beta release)

April 17, 2018 (Stable release, the vast majority of Chrome users)

Chrome 66 released, and all Symantec-brand certificates issued before June 1st, 2016, will no longer be trusted by Chrome.

Certificates issued after June 1st, 2016 are not affected in this release.

Replace any Symantec-brand certificates issued before June 1st 2016 by this date.

This can be done by reissuing your certificate for free and installing the new certificate in place of the old one.

If your certificate expires around this time (April-June) you may want to consider renewing it, instead of reissuing, to avoid two replacements within a short time frame.

September 13, 2018 (Beta),

October 23, 2018 (Stable, the vast majority of Chrome users)

Chrome 70 will distrust all Symantec-brand certificates which were issued without the partnership (partnership expected to begin December 1, 2017)

Finish replacing all SSL certificates issued from Symantec’s old infrastructure using any trusted CA or from Symantec’s new partnership.

Failure to install a new certificate will show visitors using Chrome 70 a warning that the website is not trusted.

Action plan

So, in summary: you do not have to perform any actions until Symantec has set up their Managed Partner Infrastructure. They have projected this to take place on 1 Dec, 2017.

NOTE: We will also update all of our affected customers by email, notifying them when they need to undertake action.

Google announces final plan against Symantec

0 min read

Does Google ‘s plan affect you?

Why it is important?

Important dates in Google’s plan

Action plan

Subscribe to our newsletter

Looking for the best Domain Reseller Program?

You are on the right path!