As we have informed you earlier, Google’s next step for Chrome to distrust Symantec SSL certificates is coming very soon. Chrome 70 will distrust all Symantec-brand certificates with an issuance date before the 1st of December 2017.
The approximate dates that this will happen are September 13 (Beta) and October 23 (Stable). This last date is the one that will affect the majority of Chrome users.
By this date, you should have finished replacing all SSL certificates from Symantec’s old infrastructure, using any trusted CA or from Symantec’s new partnership. If you manage Symantec/DigiCert certificates (or any of its brands – RapidSSL, Thawte, or GeoTrust) with an issuance date before the 1st of December 2017, you are going to need to replace your certificates at some point. Below you can find who is affected, why it’s important, and what you should do.
Why is it important?
The Chrome browser is used by about 60% of internet user. A website with a distrusted certificate risks losing a large portion of its audience. Anyone trying to visit a site which has such a certificate will see a “Not Secure” warning in the address bar:
Who is affected?
If you are a current user of Symantec certificates with an issuance date before 1st December 2017, this could affect you. On the 20th July, we also sent out emails to affected resellers. These emails contain a list of the certificates which you need to reissue. You can also find the list of certificates in your SSL Panel in the Notifications block.
Before the 13th of September, you should reissue all affected certificates and reinstall them. Neither Symantec or Openprovider will charge a fee for the reissue of any old certificate. Old certificates will maintain their original expiration dates.