New Chrome Security Rules—Google Now Gives Sites Until 11/12 To Comply

Google has confirmed that significant security changes are coming to the Chrome 131 web browser, and site admins only have until Nov. 12 to prepare.


The Chrome security team at Google has confirmed that a major change to how the browser prioritizes the security and privacy of its 3.4 billion users is coming a little later than originally planned. From November 12, a change from the original November 1 deadline, the world’s most-used web browser will no longer trust digital certificates issued by Entrust.

That’s big news as Entrust is one of the world’s largest certificate authorities with customers including worldwide governments as well as the likes of Chase Bank, Dell, Ernst & Young and Mastercard. Here’s what you need to know if you have a website to ensure that your users can still trust that the connection between their browser and the internet is encrypted, as these certificate authorities form the foundation of that trust partnership.

Google Takes Your Security Seriously

In a September 10 update to a June security blog posting titled Sustaining Digital Certificate Security - Entrust Certificate Distrust, the Chrome security team explained how its Chrome Root Program Policy lays out the minimum requirements for self-signed root certificate authority certificates to allow them trusted inclusion in a default Chrome web browser installation.



This policy states that any CA certificate that is included in the Chrome Root Store “must provide value to Chrome end users that exceeds the risk of their continued inclusion.” However, when things don’t go right with regard to how CA providers disclose and respond to security incidents, Google said, it expects them “to commit to meaningful and demonstrable change resulting in evidenced continuous improvement.” And this, it would appear, is where things have become unstuck in the relationship between Google and Entrust.

Google points to publicly disclosed reports across “the past several years” that, in its opinion, highlight a pattern of concerning behaviors. These behaviors fall short of the expectations laid out in the root program policy. This, Google said, has “eroded confidence in their competence, reliability, and integrity as a publicly-trusted CA Owner.”

Entrust has previously admitted that recent incidents had not been handled in the best way, with its president of digital security solutions, Bhagwat Swaroop, stating at the time how these “did not get reported and communicated in the appropriate way,” and its “initial stance of not revoking the impacted certificates was incorrect.”

What Will Happen On November 12?

Entrust server authentication certificates that were signed on or before October 31 will continue to be valid until their expiration date, but starting November 12 with the release of Chrome 131 on Android, ChromeOS, Linux, macOS and Windows platforms, Entrust digital certificates will cease to be trusted and users will be presented with a “connection not private” dialog when trying to connect to the site in question.
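For site admins who want to triage an inventory against the rule above, the following is an added example and not code from Google or Entrust. It assumes certificates are available as `ssl.getpeercert()`-style dictionaries, matches on the issuer organization name, and uses `notBefore` as a stand-in for the signing date; both are heuristics, the hostnames and dates are constructed, and the year 2024 is filled in here.

```python
import ssl
from datetime import datetime, timezone

# Cutoff from the article: Entrust certificates signed on or before October 31
# stay trusted until they expire. The year (2024) is filled in for this example.
CUTOFF = datetime(2024, 10, 31, 23, 59, 59, tzinfo=timezone.utc)

def issuer_org(cert):
    """organizationName of the issuer in an ssl.getpeercert()-style dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""

def classify(cert, cutoff=CUTOFF):
    """Heuristic triage: issuer name match, notBefore used as the signing date."""
    if "entrust" not in issuer_org(cert).lower():
        return "not-entrust"
    signed = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notBefore"]), tz=timezone.utc)
    return "trusted-until-expiry" if signed <= cutoff else "needs-replacement"

def triage(inventory, cutoff=CUTOFF):
    """Map each host to (status, notAfter) so renewals can be prioritised."""
    return {host: (classify(cert, cutoff), cert["notAfter"])
            for host, cert in inventory.items()}

def _cert(org, not_before, not_after):
    # Constructed sample in the shape returned by SSLSocket.getpeercert().
    return {"issuer": ((("countryName", "US"),), (("organizationName", org),)),
            "notBefore": not_before, "notAfter": not_after}

# Constructed inventory; hostnames, issuers and dates are illustrative only.
SAMPLE = {
    "shop.example.test": _cert("Entrust, Inc.",
                               "Oct 15 00:00:00 2024 GMT", "Oct 15 23:59:59 2025 GMT"),
    "api.example.test": _cert("Entrust, Inc.",
                              "Nov  5 00:00:00 2024 GMT", "Nov  5 23:59:59 2025 GMT"),
    "www.example.test": _cert("Example CA",
                              "Nov  5 00:00:00 2024 GMT", "Feb  3 23:59:59 2025 GMT"),
}

if __name__ == "__main__":
    for host, (status, expires) in triage(SAMPLE).items():
        print(f"{host:20} {status:22} expires {expires}")
```

A host reported as `trusted-until-expiry` still needs a replacement from a different CA before its `notAfter` date if it is renewed after the cutoff.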

In its update, Google said that website admins who are likely to be impacted by the cessation of trust in Entrust certificates can “explore continuity options offered by Entrust.” To learn more about how Entrust is supporting users with this change, customers can visit the Certificate Information Center. Google also said that if a Chrome user chooses to explicitly trust any of the impacted certificates on a version of Chrome relying upon the root store, these certificates will continue to function as normal.

An Entrust spokesperson has confirmed that the decision by Google will not have an impact upon its Verified Mark Certificates, nor code-signing and digital signing, or private certificate offerings. A full listing of the certificates that will be affected, along with a detailed FAQ, has been published by the Google Chrome security team.