Vast Majority of Symantec Certificates Already Replaced: DigiCert

Less than 1% of the top 1 million websites have yet to replace Symantec-issued certificates before major browsers distrust them, DigiCert announced this week.

Last year, DigiCert bought the Certification Authority (CA) business run by Symantec, one of the oldest and largest CAs, after a series of issues observed over the past couple of years triggered major browser vendors to announce plans to remove trust in digital certificates issued by the CA.

Later this year, both Chrome and Firefox will stop trusting certificates issued by Symantec, and others might follow suit. The move will affect all certificates issued before DigiCert acquired the Symantec CA division, including those issued under the GeoTrust, RapidSSL, Thawte, and VeriSign brands.

DigiCert, which said last year it would ensure the newly acquired division won’t repeat previous errors, is determined to help all website owners get replacement certificates and says the process is nearly complete.

Less than 1% of the top 1 million sites still use Symantec-issued certificates that will be affected by upcoming browser distrust action. According to DigiCert, it is ready to help their owners get replacement certificates before the beta releases of Firefox 60 and Chrome 66 in the next couple of months.

“Certificates replaced by DigiCert ahead of Chrome 66 distrust timelines will also satisfy Mozilla Firefox requirements,” the company says.

Last year, Google announced plans to distrust all Symantec certificates with the release of Chrome 70, while Mozilla said earlier this week it would make a similar move with the release of Firefox 63 in October 2018.

In preparation for this action, DigiCert started issuing trusted certificates for the Symantec, Thawte, GeoTrust and RapidSSL brands on Dec. 1, 2017. Since then, the company has issued millions of certificates, including new and free replacement certificates, and says that “the vast majority of Symantec brand certificate holders have taken corrective action.”

To receive replacement certificates, customers need to go through a typical renewal process in the portal where they made the original purchase. DigiCert offers the certificate replacements for free, extended through the original validity period.

A web tool is available to help identify impacted certificates: simply entering a domain name confirms whether it runs a Symantec-issued certificate that needs to be replaced. The tool can help organizations identify any certificate affected by the release of Chrome 70 and Firefox 63 later this year.

All Symantec certificates that were issued before June 2016 are set to be distrusted in Chrome 66 and Firefox 60, set to arrive in April and May, respectively. Certificates Symantec issued between June 1, 2016 and Nov. 30, 2017 will be distrusted in Chrome 70 and Firefox 63, both set for an October release.
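For teams triaging their own certificate inventory against these dates, the schedule can be expressed as a small check. This is an added example, not code from the article or from DigiCert: it assumes certificates in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()`, matches the affected brands by issuer text (a heuristic; browsers key the distrust on the root chain), and uses constructed hostnames and certificates.

```python
import ssl
from datetime import datetime, timezone

# Brands named in the article. Matching on issuer text is an assumption of
# this sketch; it is not how browsers decide which chains to distrust.
BRANDS = ("symantec", "geotrust", "rapidssl", "thawte", "verisign")

PHASE1_CUTOFF = datetime(2016, 6, 1, tzinfo=timezone.utc)    # issued before: first phase
DIGICERT_START = datetime(2017, 12, 1, tzinfo=timezone.utc)  # DigiCert issuance begins


def issuer_text(cert):
    """Flatten the issuer field of a getpeercert()-style dict to lowercase text."""
    return " ".join(value for rdn in cert["issuer"] for _, value in rdn).lower()


def distrust_phase(cert):
    """Return the releases in which the certificate loses trust, or None."""
    if not any(brand in issuer_text(cert) for brand in BRANDS):
        return None
    issued = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notBefore"]), tz=timezone.utc)
    if issued < PHASE1_CUTOFF:
        return "Chrome 66 / Firefox 60"
    if issued < DIGICERT_START:
        return "Chrome 70 / Firefox 63"
    return None  # issued on or after Dec. 1, 2017, i.e. by DigiCert


def make_cert(org, common_name, not_before):
    """Build a constructed certificate dict in getpeercert() layout."""
    return {"issuer": ((("organizationName", org),), (("commonName", common_name),)),
            "notBefore": not_before}


# Constructed inventory: hostnames and issuer common names are illustrative.
INVENTORY = {
    "old.example": make_cert("Symantec Corporation", "Sample CA A", "May 15 00:00:00 2016 GMT"),
    "mid.example": make_cert("GeoTrust Inc.", "Sample CA B", "Jun  1 00:00:00 2016 GMT"),
    "new.example": make_cert("DigiCert Inc", "RapidSSL Sample CA C", "Dec  1 00:00:00 2017 GMT"),
    "other.example": make_cert("Example Trust Services", "Sample CA D", "Jan 10 00:00:00 2015 GMT"),
}


def triage(inventory):
    """Map each host that needs a replacement certificate to its distrust phase."""
    phases = {host: distrust_phase(cert) for host, cert in inventory.items()}
    return {host: phase for host, phase in phases.items() if phase}


if __name__ == "__main__":
    for host, phase in sorted(triage(INVENTORY).items()):
        print(f"{host}: replace before {phase}")
```
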

“We’ve been working hard for months to make sure that customers are aware of the Chrome and Mozilla deadlines and that they can replace Symantec-issued certificates through us for free. Through comprehensive communications and tools in multiple languages, alongside our partners, we are continuing to provide instructions and the simplest replacement path available for those who still need to act,” Jeremy Rowley, chief of product for DigiCert, said.

All of the certificates that DigiCert has issued for Symantec, Thawte, GeoTrust and RapidSSL brands since Dec. 1, 2017 are fully trusted by the browsers.

Related: Firefox 63 to Distrust All Symantec Root Certificates

Related: 23,000 Digital Certificates Revoked in DigiCert-Trustico Spat

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
