Chrome 70 release: At the end of July 2017, the Google Chrome team and the PKI community decided to reduce, and ultimately remove, trust in Symantec’s SSL certificates (including those under brand names Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL) issued prior to their transition to issuance of publicly-trusted certificates via their independently-operated Managed Partner Infrastructure (DigiCert).
While no flaw has been found in the security of the certificates themselves, Symantec has offered replacements for all certificates issued with previous Symantec authentication PKI which will need to be reinstalled to your website to ensure changes in Chrome and Firefox do not show your site as untrusted.
The time for these changes are now ….
So, What Do YOU Need to Do?
To stay compliant and show as secure across all browsers, all SSL Certificates will need to get the new DigiCert roots implemented before these key dates:
Beta Release of Chrome 70: September 13th, 2018
Full Release of Chrome 70: October 16th, 2018
Nerdster clients have been advised if their SSL needs to be replaced and the time is quickly approaching where you will know if your ssl is not secure.
It is only necessary to replace your certificate once to comply with the requirements of all browsers. When you receive your free replacement from DigiCert, it will be issued from our root certificates, which are widely trusted by end-user devices. If you have already replaced your certificate to comply with Google Chrome’s requirements, you are already compliant with the requirements from Apple and Firefox. No further action is needed.
Note that this distrust applies to the root certificates owned by Symantec. If you have replaced those certificates and have Symantec-brand certificates issued from DigiCert roots, they are not affected.