1. Stop being a LURKER - join our dealer community and get involved. Sign up and start a conversation.
    Dismiss Notice

Chrome plans to distrust some 2016 and prior Symantec site security certificates

Discussion in 'Off Topic & Everything Else' started by Rick Buffkin, Mar 13, 2018.

This forum sponsored by...
  1. Rick Buffkin

    Rick Buffkin
    Expand Collapse
    Sausage King of Chicago

    First Name:
    Rick
    Dealer or Company Name:
    Beaman Automotive Group
    Joined:
    Oct 29, 2009
    Messages:
    425
    Likes Received:
    166
    Location:
    America
    Guys,

    Just wanted to pass some website security certificate info to you. If your site is using a SSL/TLS certificate from Symantec (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL) that was issued before June 1, 2016, it will stop functioning in Chrome 66 (Beta comes out 3/15/18 and Stable comes out 4/17/18), which could already be impacting your users on the first release.

    [​IMG]

    You can read the entire post here:
    https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html

    You need to check your sites and make sure your not affected.
    Heres a checker on Symantec's site. https://www.websecurity.symantec.com/support/ssl-checker
     
    Collapse Signature Expand Signature
    #1 Rick Buffkin, Mar 13, 2018
    Last edited: Mar 13, 2018
    • Useful Useful x 1
  2. This forum sponsored by...
  3. craigh

    craigh
    Expand Collapse
    Super Moderator

    First Name:
    Craig
    Dealer or Company Name:
    Vicimus Inc
    Twitter Handle:
    craighooghiem
    Joined:
    May 19, 2011
    Messages:
    1,379
    Likes Received:
    481
    Location:
    Ontario, Canada
    Thankfully most vendors have moved to LetsEncrypt.
    We offer a new certificate every 90 days and, as of today, can do wildcard certificates for any landing page subdomains.

    LetsEncrypt changed everything by offering SSL certificates at no cost.
     
    Collapse Signature Expand Signature
    • Useful Useful x 2
  4. Auto Ad Sales

    Auto Ad Sales
    Expand Collapse
    Noob

    First Name:
    Oliver
    Joined:
    Mar 16, 2018
    Messages:
    4
    Likes Received:
    0
    Location:
    Milford, CT
    I wouldn't agree that "Most vendors" have moved to Letsencrypt. Sadly most haven't from my experience. Cpanel has at least enabled autoSSL, and theres millions of websites using Cpanel, but its up to web hosts to enable autoSSL or not. If you don't have WHM (Web Hosting Manager) you probably won't have the feature. So still it can be hard to get hold of a free/decent SSL. One solution is to use cloudflare which has a free SSL, but not all browsers accept it. Maybe soon all web hosts will offer letsencrypt, or something similar.
     
  5. craigh

    craigh
    Expand Collapse
    Super Moderator

    First Name:
    Craig
    Dealer or Company Name:
    Vicimus Inc
    Twitter Handle:
    craighooghiem
    Joined:
    May 19, 2011
    Messages:
    1,379
    Likes Received:
    481
    Location:
    Ontario, Canada
    We install LetsEncrypt with automated install scripts, works great - WHM makes it even easier, but agreed that it's not available to everyone.

    CloudFlare is another easy solution, but it's always better to install a server-side certificate.
    The one downside to CloudFlare is that it's a single point of failure since they decrypt all traffic and re-encrypt between the unencrypted host.
    This means that CloudFlare has access to all traffic in plain text, even if the end user doesn't.
    Since they're essentially acting as a man-in-the-middle attack on your behalf, we have to trust this 1 single provider to protect everything.
     
    Collapse Signature Expand Signature

Share This Page

This forum sponsored by...