On October 31, 2017, DigiCert, Inc. acquired Symantec Corporation the business of providing and supporting Symantec’s Website Security and PKI products and services. All CAs like Thawte, Symantec, RapidSSL and GeoTrust will be issued using DigiCert infrastructure starting at 1st DEC 2017. That was done to prevent any conflicts with Google.
GoGetSSL is sure that its a great news to all, since together Symantec and DigiCert would increase quality of services, products provided globally and would lead the SSL market for many upcoming years. It is very sad to observe managed actions by many other CAs trying to grab/snatch at least some customers from Symantec during Google distrust problem. Symantec was and stays one of the most professional CA in the World.
Google Proposal Background
On July 27, 2017, Google posted a time-sensitive plan regarding Symantec-issued SSL/TLS server certificates. There are critical dates that will impact your operations:
- On or around March 15, 2018 (Chrome 66 Beta) Google Chrome will show a warning for sites secured with SSL/TLS certificates issued before June 1, 2016. Your security is not at risk and data encryption will function normally, but your site visitors will be disrupted by a warning in Chrome.
- Google Chrome has also stated that all Symantec certificates must be issued from a new infrastructure as of December 1, 2017 and SSL/TLS certificates that had been previously issued from Symantec’s current infrastructure will not be trusted starting on or around September 13, 2018 (Chrome 70 Beta).
On August 1, 2017, Mozilla stated that it intends to follow the timeline proposed by Google and Google reconfirmed the plan above in its most recent post on September 11, 2017.
What action is required
Symantec certificates issued prior to June 1, 2016 must be replaced by March 15, 2018. GoGetSSL will replace all affected orders during 8th January 2018 for free. Follow us on Twitter for more updates. Some considerations:
- The approval email for domain validated orders that is automatically generated by the system cannot be suppressed, so you’ll want to perform some outreach to your customers before initiating the bulk replacements
- In most cases, the existing CSR information can be re-used. The exception to this are IIS servers; we can identify the server types of the impacted certs for you
- In most cases, the prior authentication work can be used to process the order, resulting in a very quick issuance
- If any error codes are displayed for certain certificates, we can assist you with troubleshooting
Certificates That Should be Reissued Later
Some customers will have certificates that should be reissued by our Certificate Authority partner, DigiCert, once it begins operations on our behalf on or before December 1, 2017. As we assess the implications of Google’s proposal and upcoming dates, we do not believe you need to take action on additional certificates until that time.
We will provide a progress update as soon as we have more information, and specific recommendations on the best timing to reissue your remaining certificates.
Official DigiCert statement
Official Symantec statement