What does this mean?
Starting with Google Chrome version 70, any sites with remaining Symantec certificates will be flagged as untrusted, including those issued after June 1, 2016.
The release schedule for Chrome 70 is below:
- July 20, 2018 (Canary)
- September 13, 2018 (Beta)
- October 16, 2018 (Stable)
Why is this happening?
Google decided to distrust SSL certificates issued by Symantec due to a pattern of questionable certificate issuance practices.
Symantec's PKI business operated under several brand names (Thawte, VeriSign, Equifax, GeoTrust, RapidSSL) which issued certificates without proper oversight or verification.
There had been several high-profile incidents where Symantec was called out for shady behavior so Google decided to drop the hammer and distrust their certificates in Chrome.
After Google announced its decision, Symantec realized their certificates would be pretty much worthless. So they decided to sell off their entire CA business to DigiCert and exit the market.
What do I need to do on my site?
To avoid Chrome browser security warnings about your site not being trusted or secure, replace the Symantec certificate as soon as possible.
DigiCert is offering free replacement certificates for anyone affected by this.