This is a public service announcement and a reminder to site owners. Google’s Chrome browser has already started the process of ending support for Symantec SSL/TLS certificates. This includes companies owned by Symantec including Thawte, Verisign, Equifax, GeoTrust and RapidSSL.
Chrome 66 is ending support for Symantec certificates issued before June 1, 2016 on the following schedule:
- The ‘Canary’ release already ended support for these certificates. It was released on January 20th, 2018.
- The Beta release for Chrome 66 will be released on March 15th.
- The Stable release for Chrome 66 will be released on April 17th.
If you are running a Symantec certificate issued before June 1, 2016, and you do not replace that certificate, then from April 17th onwards this is what your site will look like to site visitors:
As you can see, the error is described as NET::ERR_CERT_SYMANTEC_LEGACY, meaning that your site is using a legacy Symantec certificate that is no longer supported.
Starting with Google Chrome version 70, all remaining Symantec certificates will stop working, including those issued after June 1, 2016. Chrome 70’s release schedule for Canary, Beta and Stable is July 20th, September 13th and October 16th respectively.
To check if your certificate will be affected by this change, you can visit this page and enter your website’s hostname in the form provided: https://www.websecurity.symantec.com/support/ssl-checker.
If your site will have an issue, the page should give you a warning. Make sure you just enter the hostname and remove the https:// prefix and the ending slash.
An alternative way to check if your website will have a problem is to download Chrome’s bleeding edge ‘canary’ version and visit your website. Then check the DevTools in Chrome for any warning message regarding your SSL/TLS certificate.
You can find more info on the official Google Security Blog.
Please help spread the word so that site owners are not caught by surprise when this change goes live next month.