Obsolete SSL certificates: is your website affected?

#Security 04.25.2018 2min Last update : 10.25.2020

By the end of 2018, security certificates issued by Symantec before December 2017 will no longer be considered reliable by the latest versions of Chrome and Firefox. Thousands of websites using SSL (Secure Sockets Layer) certificates could become inaccessible. So now, companies affected need to get hold of new certificates.

On April 17, 2018, Google announced its plans to roll out a new version of its web browser. The American tech giant warned that Chrome 66 would reject all SSL/TLS Symantec certificates issued before June 1, 2016, as well as all certificates from all of Symantec’s brands, such as Thawte, Geotrust, and RapidSSL. Come October 2018, all certificates issued before December 1, 2017 will be obsolete.

Symantec* SSL certificates rejected by Google and Mozilla

Google believes that the procedures used to issue Symantec certificates are flawed. The Mountain View-based company won’t be the only one to disown them. In fact, Mozilla has also announced that no Symantec certificates will be compatible with Firefox 63, planned for release in October 2018.

These decisions will have a major impact on businesses, given that Chrome and Firefox are so popular. In December 2017, Chrome reported its global market share to be more than 60% in terms of pages visited, as counted by StatCounter. Mozilla, on the other hand, announced a 44% increase in Firefox downloads compared to the year before.

SSL certificates – an absolute must

When it comes to security, a website needs to offer a number of guarantees to give users peace of mind. One of these guarantees is provided by SSL certificates, issued by a recognized certificate authority. SSL certificates are associated with a certain domain name or an organization. They provide certainty in establishing the link between a website and its owner, allowing the site to be authenticated and electronic communications to be secured.

Better security, better referencing

Google has been making efforts to increase web security for a few years now. HTTPS, for example, allows sites to improve their referencing by securing their data communications. With Symantec certificates losing recognition over the course of the year, site administrators now need to find another way to provide a high level of security to web users.

Finding a new trusted certificate authority

A study of the top 100 websites visited in France revealed that 16% will become inaccessible from October 16, once their certificate is no longer recognized. Sites have to be secure these days; it’s essential to a company’s brand and its credibility toward visitors. Companies affected now need to find a new service provider to overcome the loss of trust that Google and Mozilla have in Symantec as a certificate authority.

Verification and certification procedures that users can rely on

For more than 17 years, CertEurope has been a certificate authority that meets the most stringent security requirements, complying with French security standards as well as eIDAS and CA/Browser Forum regulations. CertEurope provides authentication and data communication security solutions for web servers, creating an environment for your online services that users can trust. Watch our webinar on demand and find out more about our website security solutions.

Is your site affected?

To check whether your website is affected and to find out what to do next, download and install Chrome Canary – a version for developers that contains the latest features. If an error message like the one below appears once you try to access your website, you know that you need to act now.

*Symantec’s SSL certification business was acquired by DigiCert in October 2017. in doing so, DigiCert also assumes all the disputes associated with certificate-issuing procedures for websites.