Chrome developers revealed a roadmap for gradual distrust in Symantec certificates after a large-scale discussion, caused by the fact that Symantec certificates were issued incorrectly.
The plan has been finalized and Google announced that there would be no further revision. Google has indicated that in Chrome 66, all certificates issued by Symantec before June 1, 2016, will be completely distrusted by April 17, 2018, when the new version of the browser will obtain "Stable" status. However, in order to avoid errors, Chrome developers advised to re-issue Symantec certificates before March 15, 2018 - date when the beta version of Chrome 66 will be released. Declared roadmap correlates with earlier statements by Mozilla and Google.
Release of Chrome 66 were chosen to allow site owners enough time to move to new certificates. Symantec certificates issued before June 1, 2016 advised to be changed at the earliest opportunity so that users do not encountered disruptions when visiting affected websites. Depriving trust in Symantec certificates is a necessary measure, because certificates issuance process at that time was poorly managed, therefore certificates may have been issued for fraudulent purposes.
All Symantec certificates issued through their previous infrastructure will no longer be trusted in Chrome 70.
Representatives of leading browsers pointed out that ultimate goal that they trying to achieve is deprecate of trust in all Symantec certificates issued through the old infrastructure. This goal will be accomplished with release of Chrome 70, which will be launched on October 23, 2018 (Stable version). Google developers state that in Chrome 70, only certificates released by Symantec's partner certification authority infrastructure will be marked as trustworthy.
How does Google’s roadmap for Symantec certificates look like?
- October 24, 2017 - the Stable version of Chrome 62 will be released. It will be contain notification of problem with certificates in DevTools.
- December 1, 2017 - Symantec certificates issued in the old infrastructure no longer work in Chrome. At this point, Symantec should have already been issuing certificates through a new partner infrastructure. Those certificates will remain trusted after the release of Chrome 70.
- March 15, 2018 - the beta version of Chrome 66 will be launched. Symantec certificates, issued before June 1, 2016 will be no longer trusted.
- April 17, 2018 - the Stable version of Chrome 66 comes out.
- September 13, 2018 - the beta version of Chrome 70 will be released. Google will remove and distrust all Symantec certificates issued under their old infrastructure will be untrusted.
- October 23, 2018 - the Stable version of Chrome 70 will be released.
Note: all of the above applies not only to Symantec certificates, but also to GeoTrust, Thawte and RapidSSL certificates.
If you are currently own any of these certificates, we recommend you to re-issue them after December 1 (or use certificates from other certifying authorities: for example, Comodo, Entrust). This will allow avoiding any mistakes associated with them in the future.
If you purchased a Symantec / Thawte / GeoTrust / RapidSSL certificate that falls under the re-issue conditions, in our store, we will reissue your certificate at no additional charges.
If you have any follow up questions, please do not hesitate to contact us using contact information provided on our web site.