Verify Your Symantec SSL Certificates ASAP
Website owners who use SSL certificates purchased from Symantec prior to June 1, 2016 will need to replace them soon, or site users will begin seeing the warning show below. This includes SSLs issued from companies owned by Symantec, including Thawte, Verisign, Equifax, GeoTrust, and RapidSSL.
The Chrome v66 browser, which arrives mid-April, and Firefox v60, coming in May, will both display the above warning. Other browsers will most likely follow shortly. In October 2018, new versions of Chrome and Firefox will completely remove support of any kind for affected certificates.
The major players in this scenario are Google (makers of Chrome) and Mozilla (makers of Firefox) on the browser side, and Symantec and DigiCert on the SSL side. DigiCert has purchased Symantec’s certificate-issuance division and is currently working with Google and Mozilla to repair the situation.
If your website’s URL begins with https:// then you are using an SSL certificate. To check it’s validity, you may visit the link below. Enter only your domain name (the www.name.com part) to see if your current certificate will remain valid, or if it will need to be replaced: The link is:
A series of poor decisions and misplaced trust in 3rd party outsourcing resulted in Symantec issuing thousands of faulty SSL certificates. More than once. This isn’t a spur-of-the-moment event, rather it is a joint decision made by the major browser manufacturers, put in place over time, in an effort to maintain consumer confidence in the SSL certificate system in general.
The ‘What The Heck Do I Do’:
If you have a valid SSL, then you should be good to go. It wouldn’t hurt to re-check closer to October, though, just to be on the safe side. If you get the dreaded ‘you must replace’ message, you have a couple of options:
- DigiCert is offering to replace all Symantec-issued certificates (including those issued by the subsidiaries listed above) for free. To claim your free replacement, visit this link (the sooner the better): https://www.digicert.com/replace-your-symantec-ssl-tls-certificates/
- If you prefer, you may request that your website host replace the SSL certificate with one from another company. There’s no guarantee that this will be free, however. Discuss your options with your hosting provider.
If all of this is more than you want to deal with, contact Diamond Mind Web Design for help at (417) 496-9905.
The Other Stuff:
For more information regarding the contents of this post, please view the following articles:
- A list of Symantec’s SSL-related issues: https://wiki.mozilla.org/CA:Symantec_Issues
- Google’s plan/timeline and reasoning: https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html
- DigiCert’s take on the situation: https://www.websecurity.symantec.com/en/us/digicert-and-symantec-faq