Chrome extends deadlines while DigiCert plans Symantec Web Security acquisition

Chrome extends deadlines while DigiCert plans Symantec Web Security acquisition

In the last two weeks, we’ve seen announcements from Google Chrome, as well as DigiCert and Symantec, that may affect you as user of Symantec, GeoTrust, Thawte or RapidSSL certificates, over the next few months.

Read on to find out more about what has been announced and how to take action if your SSL certificates will be affected.


What was announced?

On July 28th, Google’s Chrome proposed an updated timeline for the mistrusting of affected SSL certificates.

  • From March/April 2018, SSL certificates issued before June 1, 2016 by Symantec, and all the brands it operates, will no longer be trusted by Chrome (version 66)
  • From September/October 2018, all SSL certificates issued before December 2017 (read more below) by Symantec, and all the brands it operates, that do not comply with existing Chrome requirements will stop being trusted by Chrome (version 70)

On August 2nd, it was announced that DigiCert will acquire Symantec’s web security business and related PKI solutions.

  • From December 1, 2017, DigiCert will take over the validation and issuing of all SSL certificate brands currently under Symantec
  • The acquisition is expected to be completed by Q3 of fiscal 2018

Symantec Chrome Timeline


Why December 2017?

Chrome will require that all Symantec-chaining certificates be issued by independently operated third parties – referred to as partner CAs or managed CAs – no later than December 1, 2017.

This was described as a new Managed Partner Infrastructure in the Chrome proposal, which we now know will be handled entirely by DigiCert.

As it stands, certificates issued before the handover of validation and issuing to DigiCert will be mistrusted by Chrome (version 70) in September/October 2018.

While the deadline has been extended by Google, our recommendation for you to replace your affected certificates still stands.


SSL247® recommends that you replace your SSL certificates no later than:
  • March 1, 2018 for certificates issued before June 1, 2016
  • September 1, 2018 for certificates issued before December 1, 2017


If you have already replaced your affected certificates or know that you do not have any affected certificates, please skip to the bottom for a list of links to additional information.


How do I know if my certificates will be affected? – SSL247® Clients

If you are a client of SSL247®, you can check whether any of your certificates need attention via your MySSL® platform.

Simply log in here and navigate to ‘My SSL Certificates’ and then ‘Requires Re-issue’ on the left-hand navigation menu.



This will show you if you have certificates issued before June 1, 2016 that will be affected.

If you have certificates that require re-issuing, you can either:

  1. Follow this guide to re-issue your certificates

  2. Contact your Account Manager to discuss the best solution for your SSL certificates

How do I know if my certificates will be affected? – Non-SSL247® Clients

If you would like more information or to discuss the status of your SSL certificates, get in touch with our Web Security Consultants at the contact details below.

    +45 (8) 082 0060 (London office)
   sales@ssl247.dk



Read our previous blog post: Google's proposal on SSL certificates issued before June 1, 2016.

Links to additional information:

  1. Chromium July 28 Proposal Updates
  2. Symantec on the acquisition by DigiCert
  3. DigiCert on the acquisition of Symantec

Del dette:

Sendt den Friday 11 August 2017 af Julliette Mugniery

Tilbage til blog

Send os dine kommentarer


Din kommentar vil ikke blive offentliggjort. Hvis du har et spørgsmål, så husk at angive din e-mailadresse, så vi kan vende tilbage til dig!