Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Security Infrastructure

Vast Majority of Symantec Certificates Already Replaced: DigiCert

Less than 1% of the top 1 million websites have yet to replace Symantec-issued certificates before major browsers distrust them, DigiCert announced this week.

Less than 1% of the top 1 million websites have yet to replace Symantec-issued certificates before major browsers distrust them, DigiCert announced this week.

Last year, DigiCert bought the Certification Authority (CA) business run by Symantec, one of the oldest and largest CAs, after a series of issues observed over the past couple of years triggered major browser vendors to announce plans to remove trust in digital certificates issued by the CA.

Later this year, both Chrome and Firefox will stop trusting certificates issued by Symantec, and others might follow suite. The move will affect all certificates issued before DigiCert acquired the Symantec CA division, including those issued under the GeoTrust, RapidSSL, Thawte, and VeriSign brands.

DigiCert, which said last year it would ensure the newly acquired division won’t repeat previous errors, is determined to help all websites owners get replacement certificates and says the process is nearly complete.

Less than 1% of the top 1 million sites still use Symantec-issued certificates that will be affected by upcoming browser distrust action. According to DigiCert, it is ready to help their owners get replacement certificates before the beta releases of Firefox 60 and Chrome 66 in the next couple of months.

“Certificates replaced by DigiCert ahead of Chrome 66 distrust timelines will also satisfy Mozilla Firefox requirements,” the company says.

Last year, Google announced plans to distrust all Symantec certificates with the release of Chrome 70, while Mozilla said earlier this week it would make a similar move with the release of Firefox 63 in October 2018.

Advertisement. Scroll to continue reading.

In preparation for this action, DigiCert started issuing trusted certificates for the Symantec, Thawte, GeoTrust and RapidSSL brands on Dec. 1, 2017. Since then, the company has issued millions of certificates, including new and free replacement certificates and says that “the vast majority of Symantec brand certificate holders have taken corrective action.”

To receive replacement certificates, customers need to go through a typical renewal process in the portal where they made the original purchase. DigiCert offers the certificate replacements for free, extended through the original validity period.

A web tool is available to help identify impacted certificates: simply entering a domain name confirms whether it runs a Symantec-issued certificate that needs to be replaced. The tool can help organizations identify any certificate affected by the release of Chrome 70 and Firefox 63 later this year.

All Symantec certificates that were issued before June 2016 are set to be distrusted in Chrome 66 and Firefox 60, set to arrive in April and May, respectively. Certificates Symantec issued between June 1, 2016 and Nov. 30, 2017 will be distrusted in Chrome 70 and Firefox 63, both set for an October release.

“We’ve been working hard for months to make sure that customers are aware of the Chrome and Mozilla deadlines and that they can replace Symantec-issued certificates through us for free. Through comprehensive communications and tools in multiple languages, alongside our partners, we are continuing to provide instructions and the simplest replacement path available for those who still need to act,” Jeremy Rowley, chief of product for DigiCert, said.

All of the certificates that DigiCert has issued for Symantec, Thawte, GeoTrust and RapidSSL brands since Dec. 1, 2017 are fully trusted by the browsers.

Related: Firefox 63 to Distrust All Symantec Root Certificates

Related: 23,000 Digital Certificates Revoked in DigiCert-Trustico Spat

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture


Identity and access governance vendor Saviynt has closed a $205 million financing round.

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.


Security orchestration, automation and response (SOAR) provider Swimlane on Monday announced the launch of a security automation solution ecosystem for operational technology (OT) environments.

Identity & Access

The National Security Agency (NSA) has published a series of recommendations on how to properly configure IP Security (IPsec) Virtual Private Networks (VPNs).