Cyber Security

Are You Still Using a Legacy Symantec Certificate? If You Are, Time is Running Out!

This ought to be old news, but I came across a site today, still using a 2017-issued Symantec certificate.

Plans by browser providers to deprecate trust in legacy Symantec certificates have been well publicized with plenty of notice for site owners and operators to ensure they have an up-to-date, trusted certificate (google announcement: Mozilla announcement:

There’s more detail on the issues here on the Mozilla wiki.

Although the deprecation has, in theory, already happened, the practical enforcement has been a rolling process, so even if your sites worked after the browser version upgrades you may not be in the clear.

Certificates affected by the deprecation of trust will show insecure warnings to users even though the certificate apparently checks out when inspected – that is because it is the Certificate Authority which is distrusted and not the certificate itself being broken or revoked.

It is important for the continued trustworthiness of Internet sites that there is a mechanism to remove problematic certificates from the realm of that trust, and it is also important for site owners and operators to keep themselves up-to-date and aware of potential issues that might undermine trust in their systems and businesses.

Digicert has taken over validation and issuance for Symantec, Thawte, GeoTrust and RapidSSL certificates. You can find out more about replacing your certificates here:

Show More
Back to top button

We use cookies on our website

We use cookies to give you the best user experience. Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.