Chrome and Firefox to Distrust Symantec’s SSL Certificates by the End of 2018

SSL certificates are responsible for ensuring a secure HTTPS connection between the user and a website.

Now that an HTTPS connection has become imperative for every website, SSL certificates must also comply with the existing security requirements and practices for validation and issuance procedures.

As usual, the leading web browser providers, Google (Chrome) and Mozilla (Firefox), have initiated a significant debate.

Their security teams detected flaws in the SSL certificates issued by one of the leading certifying companies – Symantec. The flaws are in the issuing authority’s infrastructure: certain standards and practices were not followed in the issuance and validation processes.

Symantec is a leading certificate issuing authority which uses a few well-renowned brands – RapidSSL, GeoTrust and Thawte. All certificates issued by these brands are now compromised.

During the discussion of the actions and measures necessary for fixing the flaws, the Symantec SSL certificates’ business was acquired by another leading company in the field – DigiCert.

As a leading provider of SSL/TLS solutions, DigiCert will offer an up-to-date, fast and secure infrastructure that can comply with all the requirements and standards for the issuance of SSL certificates. After the acquisition of Symantec, DigiCert announced that as of December 1, 2017 all certificates will be reissued through the new infrastructure, and that the service will be completely free.

DigiCert is already reissuing certificates for Symantec customers as of December 1, 2017. The SSL certificates issued by DigiCert after this date are fully supported and trusted by Chrome and Firefox.

After numerous discussions concerning the compromised certificates, Google and Mozilla set up a strategy for distrusting Symantec.

The strategy’s final goal will be reached by the end of 2018, when the latest versions of the two browsers will completely distrust the Symantec certificates.

Google and Mozilla’s Strategies for the Symantec Certificates

Although the two strategies have the same target and final date, their implementation differs a bit.

Chrome’s Plan to Distrust Symantec Certificates

  • Chrome 62 (October 2017) shows a notification in Dev Tools if the certificate has deficiencies and will be distrusted in Chrome 66;
  • Chrome 66 (April 2018) will remove trust in Symantec-issued certificates issued prior to June 1, 2016;
  • Chrome 70 (October 2018) will fully remove trust in Symantec’s old infrastructure and all of the certificates it has issued.

Mozilla Firefox’s Plan

  • Firefox 58 (January 2018): Notices in the Developer Console will warn about Symantec certificates issued before June 1, 2016;
  • Firefox 60 (May 2018): Websites will show an untrusted connection error if they have a certificate issued before June 1, 2016;
  • Firefox 63 (October 2018): Distrust of Symantec certificates issued through the old infrastructure.

Symantec certificates issued before December 1, 2017 will be completely distrusted by Chrome and Firefox by the end of 2018.
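
The two schedules above reduce to a check on a certificate's issuer and its notBefore date. The following is an added example, not code from the original article or from either browser: it classifies certificates in the shape Python's ssl.SSLSocket.getpeercert() returns. Matching brand names in the issuer field is an assumption made here for illustration (browsers decide by the root the chain leads to), and the sample issuer names and dates are constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

# Brands the article lists as issued through Symantec's old infrastructure.
AFFECTED_BRANDS = ("symantec", "geotrust", "rapidssl", "thawte")
PHASE_1 = datetime(2016, 6, 1, tzinfo=timezone.utc)   # Chrome 66 / Firefox 60
PHASE_2 = datetime(2017, 12, 1, tzinfo=timezone.utc)  # Chrome 70 / Firefox 63

def issuer_names(cert):
    """Flatten the issuer RDNs of a getpeercert()-style dict into {field: value}."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def classify(cert):
    """Map a certificate to the distrust phase that applies to it."""
    names = issuer_names(cert)
    issuer = " ".join(names.get(f, "") for f in ("organizationName", "commonName"))
    if not any(brand in issuer.lower() for brand in AFFECTED_BRANDS):
        return "not-affected"            # different issuing authority
    issued = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notBefore"]), tz=timezone.utc)
    if issued < PHASE_1:
        return "distrusted-from-chrome66-firefox60"
    if issued < PHASE_2:
        return "distrusted-from-chrome70-firefox63"
    return "not-affected"                # issued on or after December 1, 2017

def fetch_cert(host, port=443):
    """Fetch a live leaf certificate; raises if local verification fails."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _cert(org, cn, not_before):
    # Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
    return {"issuer": ((("organizationName", org),), (("commonName", cn),)),
            "notBefore": not_before}

SAMPLES = {  # constructed issuer names and dates, not real certificates
    "old": _cert("GeoTrust Inc.", "RapidSSL Sample CA", "Mar 10 00:00:00 2016 GMT"),
    "mid": _cert("thawte, Inc.", "thawte Sample CA", "May  2 00:00:00 2017 GMT"),
    "reissued": _cert("DigiCert Inc", "GeoTrust Sample CA", "Jan 15 00:00:00 2018 GMT"),
    "other": _cert("Example Trust Ltd", "Example CA", "Feb  1 00:00:00 2015 GMT"),
}

if __name__ == "__main__":
    for label, cert in SAMPLES.items():
        print(label, classify(cert))
```

For a live site, pass the result of fetch_cert("your-domain") to classify(); a certificate the local trust store already rejects raises an error during the handshake instead of being returned.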

How to Reissue a Symantec SSL Certificate?

Important: Reissuing is required only for certificates issued before December 1, 2017 by Symantec, GeoTrust, RapidSSL or Thawte. If the issuing authority is different, there is no need to reissue the certificate.

There is plenty of time to reissue each compromised certificate before the end of 2018. If the certificate has been purchased from SuperHosting.BG under the Symantec, RapidSSL or GeoTrust brand, you can submit a request for reissuing it by going to your customer profile: SSL Certificates -> Details -> Reissue SSL certificate. There is no need to reissue SSL certificates issued after December 1, 2017.

All customers of SuperHosting.BG who have purchased compromised certificates have been informed in advance by email, and we have already sent them reissuing guidelines.

You can submit a request for reissuing your SSL certificate by going to your customer profile and accessing menu SSL Certificates. Select the Details option right next to the certificate. Click on Reissue SSL certificate and follow the steps.

Reissue a certificate through the client account

You do not need to enter any information to reissue the certificate. After clicking on Reissue, you will receive a verification email to confirm reissuing the certificate.

Important: Due to the current huge number of requests, DigiCert announced that there might be a slight delay of up to 3 days in receiving the verification emails. After submitting a request for reissuing your certificate, you might need to wait up to three days before receiving the verification email.

Reinstalling the New SSL Certificate in cPanel

Once the certificate has been issued, you will only need to reinstall it.

Install and Manage SSL for your site (HTTPS) in cPanel

If you are using cPanel, you can install the new certificate by going to SSL/TLS -> Install and Manage SSL for your site (HTTPS) and clicking on Manage SSL sites.

To install a new certificate, go to the Install an SSL Website section and select the domain from the drop-down menu. Enter the new code in the following three fields: CRT, KEY and CABUNDLE, and finish the installation with Install Certificate. You will see a message that the certificate has been successfully installed.

Madlena Metodieva
Madlena is our super-support-guru. Madlena's SuperPower is that she can explain even the most complicated technologies in plain language.