Replacing Symantec Certificates

Checking Symantec Certificates

If you’ve been paying attention to cybersecurity news recently, you might be aware of Google’s plan to start distrusting digital certificates provided by major certificate authority Symantec. Essentially, a digital certificate is designed to verify ownership of a particular site, and allows visitors to open up a secure, HTTPS-enabled connection to the site. Certificates are provided by a number of certificate authorities, of which Symantec is one of the biggest.

There’s a lot of standards to be met when it comes to registering a digital certificate - the certificate essentially acts as a statement of trust in the site. However, it’s come to light that some of Symantec’s brands appear to be issuing certificates without checking that these standards are met - the blog linked above contains more information on this.

As such, Google have recently announced that they plan to distrust certificates issued by Symantec prior to June 2016 in Chrome (expect Firefox and other browsers to follow) with the release of Chrome 66 (scheduled for March/ April 2018), while Symantec work to improve their standards and infrastructure.

We currently use Symantec certificates for several of our services, but are working to replace all affected certificates. We’ll have completely changed over all relevant certificates far in advance of the launch of Chrome 66, ensuring that there’s no disruption to our services.

If you’re using a Symantec-issued certificate, you may need to contact your certificate issuer to have it reissued - though as far as we’re aware, few if any of our customers should be affected by the problem.