Netpluz Security Advisory: Distrust on Symantec Certificates

April 10, 2018

Dear Valued Customer,

We have received an advisory about the two major browsers, Mozilla Firefox and Google Chrome about gradually distrusting of all Symantec-issued Certificates.

This is due to failed compliance with the industry standards set by the Certificate Authority Browser Forum.

Mozilla Firefox and Google Chrome Browser have already started the process of ending support for Symantec SSL/TLS Certificates.

For Symantec certificates issued before June 1, 2016,

Mozilla:

Firefox 58 – starting January 2018 has been displaying notices on the browser to warn about the Symantec Certificate

Firefox 60 onwards – Release on May 9, 2018

Chrome 66 is ending support based on the following schedule:

Canary release already ended support. Released on Jan 20, 2018

Chrome 66 Beta released on March 17, 2018

Stable released of Chrome 66 will be released on April 17, 2018

Affected Website:

Websites that are using Symantec SSL/TLS Certificates. This includes companies owned by Symantec(Thawte, Verisign, RapidSSL, Equifax and GeoTrust)

Impact:

Users visiting the affected websites thru browser Mozilla Firefox and Google Chrome will encounter SSL certificate error and will no longer access the content of the website.

Recommendation:

Those website administrators who use Symantec SSL/TSL Certificate should obtain a new certificate from any of the trusted

Certificate Authorities (CAs) such as GoDaddy or GlobalSign. This is to ensure that their website will still be accessible.

To check if your website is affected, you can download Chrome’s bleeding edge ‘canary’ version and visit your website.

Then check the DevTools in Chrome under Security for any warning message regarding your SSL/TLS certificate.

 

Reference:

https://www.csa.gov.sg/singcert/news/advisories-alerts/advisory-on-distrust-of-symantec-issued-certificates

https://www.wordfence.com/blog/2018/03/chrome-symantec-distrust-certificates-ssl-tls/

https://cabforum.org/members/  for a list of CAs.