Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity

    Google Sets Deadline to Replace Symantec Website Certificates

    By
    JAIKUMAR VIJAYAN
    -
    September 13, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Chrome Symantec Certificate Deadline

      Google this week announced a final timetable for withdrawing support in the Chrome browser for websites that use Symantec-issued authentication certificates.

      The timetable gives organizations that are using Symantec authentication certificates to replace them or risk having their sites flagged as unsafe by the Chrome browser after the final deadline passes.

      In an announcement on Google’s Security Blog, members of the Chrome security team posted a timeline indicating the exact dates by which site operators will need to obtain new certificates from any certificate authority that is trusted by Chrome.

      Google’s schedule gives site owners up to March 15, 2018 to replace Symantec Transport Layer Security (TLS) certificates that were issued before June 1, 2016. By mid-September next year, those sites with Symantec certificates dated after June 1, 2016 will need to replace them as well with new ones from either Symantec or any other certificate issuing vendor.

      Starting with release 70 of Chrome on Sept 13, 2018, the browser will distrust all existing Symantec- issued TLS certificates.

      This week’s blog post is designed to give website owners actionable information about the steps that Google has said it will take after an investigation earlier this year prompted questions about Symantec’s diligence in issuing certificates to site owners.

      As a so-called Certificate Authority (CA), Symantec is one of several companies worldwide entrusted with the responsibility for issuing the cryptographic certificates, which are used to authenticate websites.

      Browsers such as Chrome use these certificates to verify the identity of websites and to make sure that a site, which purports to belong to a specific internet domain, actually does belong to it. Sites that are properly authenticated and deemed safe usually have a green padlock or some other similar icon in the URL bar.

      Improperly issued certificates can have critical consequences and among other things allow threat actors to spoof legitimate sites. A threat actor that managed to obtain a mistakenly issued digital certificate for Google.com for instance could spoof a Google site that would be trusted implicitly by all major browsers. This would allow the threat actor to use the spoofed site to distribute malware to website visitors.

      In January, security engineers at Mozilla, the organization behind the Firefox browser publicly reported what they described as serious irregularities in Symantec’s handling of the certificate issuance process. The researchers noted that they had come across several instances where Symantec had wrongly issued certificates for specific domains without any authorization from the domain owners.

      A subsequent investigation by Google showed that Symantec had improperly allowed four third parties to access its digital certificate issuance infrastructure and issue certificates on its behalf. Google claimed its investigation showed that Symantec in its role as a CA had allowed 30,000 certificates to be improperly issued, even as Symantec itself pegged the number at 127.

      The disclosures this year about problems with Symantec’s certificate issuing process marked the second time since October 2015 that the company was caught doing the same thing. In the 2015 incident, Symantec admitted that it had improperly issued a total of 23 test certificates covering five organizations, including Google and Opera.

      Google has claimed that its decision to distrust—or deprecate—all Symantec’s certificates stems from the company’s systemic failure to follow industry norms. Google has said the only way Chrome will be allowed to trust Symantec certificates again is if the certificates are issued from a completely new infrastructure and with proper oversight.

      At least partly as a result of the pressure from Google, Symantec in August sold its digital certificate business to DigiCert for just under $1 billion and a 30 percent stake in the common stock of the company.

      Current plans call for DigiCert to start issuing new certificates to Symantec customers starting later this year. Google says DigiCert is one of the authentication certificate authorities that Chrome will continue to trust after Sept. 13, 2018.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×