INFORMATIONAL: CWS and Managed PKI for SSL - Identify Certificates Impacted by Potential Chrome Distrust

Alerts ID:    ALERT2530    Updated:    04/18/2018

Severity

Information

Description

Google Chrome and Mozilla Firefox each have plans to remove trust of all legacy Symantec SSL/TLS certificates issued under the Symantec infrastructure. Websites secured with these legacy Symantec SSL/TLS certificates trigger security warnings in Chrome and Firefox:
 

 

More detail from Google and Mozilla:

Google security blog
https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html

Mozilla security blog
https://blog.mozilla.org/security/2018/03/12/distrust-symantec-tls-certificates


Microsoft and Apple also plan to distrust legacy Symantec SSL/TLS certificates later this year. Detailed plans and schedule are not yet available.

Symantec TLS/SSL certificates affected by browser distrust are based on their issuance date. Refer to this table and check your certificate inventory for certificates at risk of potential distrust.


Also distrusted - Certificates issued from the legacy Symantec root hierarchy on or after December 1, 2017
For uninterrupted business continuity, some Managed PKI for SSL customers continue to issue certificates from the legacy Symantec root hierarchy after the December 1, 2017 switch to the DigiCert hierarchy. These certificates are already distrusted by Google Chrome. Other browser vendors have not yet announced distrust plans.
 

To identtify impacted certificates:

Complete Website Security: Find certificates impacted by potential Chrome distrust

Managed PKI for SSL: Generate a real-time report to identify certificates impacted by potential Chrome mistrust

 

Find Answers