Legacy TLS certificates issued by Symantec, including those issued by authorities like Thawte, GeoTrust, and RapidSSL which used Symantec as a central authority, will be distrusted by Google’s Chrome and Mozilla’s Firefox starting in October 2018. Apple’s Safari has already partially distrusted these certificates and will distrust the full set of certificates at some point in the fall of 2018. DigiCert has acquired the Certificate Authority (CA) and its infrastructure, and is issuing free replacement certificates for all affected customers with distrusted SSL / TLS certificates.
If you have already replaced your certificate, you have nothing to worry about!
Why Is This Happening?
Browsers use these certificates to verify that you are connecting to the server you intended. This works because a pool of central authorities ensures that a certificate only goes to the rightful owner of a website. Your web browser stores a list of trusted authorities and checks every certificate it comes across against this master list. This means that, in addition to encrypting the data shared between you and the web server, you can be assured that you are communicating with the correct server (and not another server pretending to be the server you want to visit). This prevents man-in-the-middle (MITM) attacks, where someone attempts to intercept or alter traffic between a user and a server.
The difficult part of being a Certificate Authority (CA), like Symantec was, is ensuring only the rightful website owner is issued an SSL certificate.
Back in 2016, users noticed that Symantec was issuing certificates that did not follow certain guidelines, and this information was posted to a Mozilla security mailing list. This was the latest in a series of problems with Symantec’s CA. After much discussion between other major CAs, a decision was made to distrust Symantec and remove it as an authority. This decision made all Symantec-issued SSL certificates worthless.
If these Symantec-issued certificates are not replaced by the October deadline, users visiting these websites will receive a warning that the site they are visiting is not trusted.
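To tell an old certificate from a replacement, look at who issued it. The Python sketch below is an added example, not NinjaWP's or any browser's code: it classifies a certificate by the issuer fields that `ssl.getpeercert()` returns. The sample issuer names are constructed, and the rule that replacement certificates name DigiCert as the issuing organisation is an assumption.

```python
import socket
import ssl

# Brands named in the article. Name matching is a heuristic: browsers decide
# by root key, so treat a "legacy" result as a prompt to inspect the chain.
LEGACY_BRANDS = ("symantec", "thawte", "geotrust", "rapidssl")


def issuer_fields(cert):
    """Flatten the issuer RDN tuples from ssl.getpeercert() into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def classify(cert):
    """Return 'legacy', 'reissued' or 'other' for a getpeercert()-style dict."""
    issuer = issuer_fields(cert)
    org = issuer.get("organizationName", "").lower()
    cn = issuer.get("commonName", "").lower()
    branded = any(b in org or b in cn for b in LEGACY_BRANDS)
    if "digicert" in org:
        # Assumption: replacements may keep the brand in the CN, but the
        # issuing organisation is DigiCert.
        return "reissued" if branded else "other"
    return "legacy" if branded else "other"


def check_host(host, port=443, timeout=5):
    """Classify the certificate a live server presents (needs network access)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(tls.getpeercert())
    except ssl.SSLCertVerificationError:
        # The local trust store already rejects this chain (for any reason).
        return "untrusted"


def _issuer(org, cn):
    """Build a constructed getpeercert()-style dict for the samples below."""
    return {"issuer": ((("organizationName", org),), (("commonName", cn),))}


# Constructed sample issuers (not taken from the article).
SAMPLES = {
    "old": _issuer("GeoTrust Inc.", "RapidSSL SHA256 CA"),
    "new": _issuer("DigiCert Inc", "RapidSSL RSA CA 2018"),
    "unrelated": _issuer("Example Trust Services", "Example TLS CA 1"),
}
```

`check_host("your-site.example")` performs the same check against a live server; a result of `legacy` or `untrusted` means the certificate chain should be inspected and, if needed, replaced.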
Can NinjaWP help?
When you partner with NinjaWP to maintain your website, one of the first things we do is run a security audit to make sure things are as up-to-date and rock solid as possible. All security issues are fixed before we tackle content updates and design tweaks.
We don’t typically handle installing SSL certificates on a web server, but we’re happy to offer advice. This is something your web host should be able to do for you very easily.