Chrome SSL certificate issue

The issue

Google have decided to “deprecate Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL)“. This comes after “Symantec had entrusted several organizations with the ability to issue certificates without the appropriate or necessary oversight”.

What does that mean for me?

If you are affected by this then your website SSL certificate won’t work for Chrome version 70 or later and visitors are going to see an ugly warning like the one below.

ssl error

Not good! The first beta of Chrome 70 is expected in September.

How do I know if I am affected?

  • Start Chrome.
  • Navigate to the https version of your website.
  • Go to Developer tools (View>Developer>Developer tools from the menu bar) and look at the Console.
  • If you see something like the below, then you are affected.

ssl cert

My https://www.perfecttableplan.com website was affected (it uses a Geotrust SSL certificate provided by my ISP, 1&1). But my https://www.hyperplan.com website was not affected (which uses a Godaddy SSL certificate).

On my Windows development machine Eset anti-virus seems to override the SSL certificate used by Chrome, so the console message did not appear. But it did appear in Chrome on my Mac. So you probably want to check from more than one computer.

What can I do about it?

Get your certificate re-issued. This was fairly straightforward with my hosting provider 1&1.

Final thoughts

As an owner of a small software business I spend too much time dealing with annoying crap like this. Symantec, I have always hated your bloated software. But now you officially suck.

Also, is it any wonder digital certificates are such a rip-off when one company is allowed to own so much of the market?

 

6 thoughts on “Chrome SSL certificate issue

  1. Hristo

    I’ve moved all my sites to the Letsencrypt free SSL certificates and so far I am pretty happy with them. Your blog also uses them and I guess there’s no need to purchase SSL certificates these days.

    I wouldn’t mind if we can get free code signing certificates on day…

    Reply
  2. Andy

    Symantec were rubbish when they were previously known as Norton. As you say, bloated crap offering little in the way of protection that hogged resources. A richly deserved public bollocking.

    Reply

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s