• Stop being a LURKER - join our dealer community and get involved. Sign up and start a conversation.

Chrome plans to distrust some 2016 and prior Symantec site security certificates

Jump to latest Follow Reply
Rick Buffkin

Rick Buffkin

Sausage King of Chicago
Oct 29, 2009
729
830
Awards
8
First Name
Rick
#1
Guys,

Just wanted to pass some website security certificate info to you. If your site is using a SSL/TLS certificate from Symantec (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL) that was issued before June 1, 2016, it will stop functioning in Chrome 66 (Beta comes out 3/15/18 and Stable comes out 4/17/18), which could already be impacting your users on the first release.

interstitial%2B-%2B1.png


You can read the entire post here:
https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html

You need to check your sites and make sure your not affected.
Heres a checker on Symantec's site. https://www.websecurity.symantec.com/support/ssl-checker
 
Last edited:
  • Useful
Reactions: Alexander Lau
#3
craigh said:
Thankfully most vendors have moved to LetsEncrypt.
We offer a new certificate every 90 days and, as of today, can do wildcard certificates for any landing page subdomains.

LetsEncrypt changed everything by offering SSL certificates at no cost.
Click to expand...
I wouldn't agree that "Most vendors" have moved to Letsencrypt. Sadly most haven't from my experience. Cpanel has at least enabled autoSSL, and theres millions of websites using Cpanel, but its up to web hosts to enable autoSSL or not. If you don't have WHM (Web Hosting Manager) you probably won't have the feature. So still it can be hard to get hold of a free/decent SSL. One solution is to use cloudflare which has a free SSL, but not all browsers accept it. Maybe soon all web hosts will offer letsencrypt, or something similar.
 
#4
Auto Ad Sales said:
I wouldn't agree that "Most vendors" have moved to Letsencrypt. Sadly most haven't from my experience. Cpanel has at least enabled autoSSL, and theres millions of websites using Cpanel, but its up to web hosts to enable autoSSL or not. If you don't have WHM (Web Hosting Manager) you probably won't have the feature. So still it can be hard to get hold of a free/decent SSL. One solution is to use cloudflare which has a free SSL, but not all browsers accept it. Maybe soon all web hosts will offer letsencrypt, or something similar.
Click to expand...

We install LetsEncrypt with automated install scripts, works great - WHM makes it even easier, but agreed that it's not available to everyone.

CloudFlare is another easy solution, but it's always better to install a server-side certificate.
The one downside to CloudFlare is that it's a single point of failure since they decrypt all traffic and re-encrypt between the unencrypted host.
This means that CloudFlare has access to all traffic in plain text, even if the end user doesn't.
Since they're essentially acting as a man-in-the-middle attack on your behalf, we have to trust this 1 single provider to protect everything.
 
Top Bottom
Back
Jump to latest Follow Reply
Jump to latest Follow Reply
Menu