Google Chrome timeline for Symantec SSL discontinuation

9 October 2017

On September 11th 2017 - Google published their final plan for the discontinuation of the support of Symantec SSL certificates, in which they also mentioned the role of DigiCert.

The issue between Symantec and Google

Due to several incidents with Symantec certificates over the last few years, Google has lost trust in Symantec’s PKI infrastructure. The aim of the following negotiations between them was to restore relations, while Symantec SSL certificates of customers remained trusted in Google Chrome.

Solution

A solution was made at the end of July. Part of this solution is transferring the certificate issuance to the CA DigiCert step by step. Symantec sold the CA division to DigiCert.

Transition schedule

DigiCert will start issuing Symantec certificates from December 2017. Symantec certificates issued from the new DigiCert infrastructure, will be fully supported in future versions of Google Chrome. Symantec certificates issued from the old VeriSign root will be unsupported in Chrome from April 2018. Symantec SSL certificates issued from the old PKI infrastructure need to be replaced from March 2018. Google provided a detailed timeline for the next 12 months, the plan applies to GeoTrust and Thawte certificates too. The plan is as follows:


Symantec Google timeline

I have Symantec certificates, what should I do?

If there is action required for one or more of your Symantec certificates, we will inform you via email about the free exchange options before the deadline. As expected you may start reissuing your Symantec certificates from December 1st, 2017. Eventually all certificates issued by Symantec will need to be replaced - therefore we advise you to start replacing them as soon as possible. An alternative to this is switching to another brand. You may already replace your certificates at no costs for similar Comodo certificates. Please contact us if you would like to use this option.

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues