SSL Certificates: Symantec, DigiCert & Chrome Posted on November 24, 2017 SSL Certificates used on websites are supposed to bring credibility and reliability to websites that use them. However, it appears that Google has detailed its plan to drop out support of Symantec-issued certificates in Chrome, on the irony basis that the way Symantec issued these SSL Certificates were questionable. Summary of the Saga If you have already read about the news, you are on the frontier of digital security development. However if you have not heard about it before, not to worry, to summarise the whole drama for you: Google decided to drop the support of Symantec-issued certificates in newer version 66 of Chrome (scheduled for release by April 2018) because the very thing that is supposed to give trust to web users — SSL Certificates, are being issued by Symantec in a questionable way. And the most brilliant, profitable and fastest way of solving this problem? a USD$1 billion sale of the certificate authority (CA) business to Digicert, a much smaller player in the industry (2.2% market share versus 14% market share by Symantec) so that Digicert can fix the procedure that Symantec did wrongly. Hats down to the brilliant minds behind this transaction! The catch really is because the affected SSL Certificates under Symantec include the very popular and old brands of Verisign, Geotrust, Thawte & RapidSSL! No wonder even in such a drama, Symantec is able to fetch USD$1 billion from the sale! How does it impact you? In short, DigiCert shall take over Symantec’s CA infrastructure by next month (December 2017) and to comply with Google’s July ultimatum, DigiCert will run both the PKI infrastructure and the Managed Partner Infrastructure to oversee certificate sales, which means the certificates have to be reissued under DigiCert’s infrastructure before it can be supported by Chrome version 66 upwards. With the reissued certificates, everything will run as usual otherwise your SSL protected website will not run on newer versions of Chrome! What should you do now? If you are using an Unmanaged Service, be sure to check with your SSL seller for instructions to obtain re-issue of the affected certificates. You will then need to reinstall the SSL certificate on your webserver as soon as possible. If you are using a Managed Service, be sure to check with your service provider to find out if any action will be required by you — of course hopefully they are fully aware of this news and have already embarked on the plan of replacing all SSL certificates across their network, including your website, as soon as possible. If you are using SecureAX Managed Service, do not worry, we have everything covered for you already. Just sit back, relax and carry on with your higher value business activities! SecureAX is a Fully Managed Cloud Server provider in Singapore which specialises in high performance and high security platforms. Contact us to find out how we can help you with your Managed Hosting requirements!