
If Your Company Website “Breaks” Tomorrow, Here’s Why – and How to Fix It

Notification follows spat last year between Google and Symantec over credibility of public key infrastructure (PKI).

By CBR Staff Writer

Tomorrow (April 17) marks a deadline for businesses to replace security certificates issued by Symantec before June 1, 2016. Failure to replace the certificates will result in site breakage in upcoming versions of major browsers, including Chrome – version 66 of which is scheduled for release tomorrow – and Mozilla Firefox.

Any such “breakage” will result in a notification like this.

 

This notification is the result of a decision made last year by Google’s Chrome team to ultimately remove trust in legacy Symantec infrastructure, “in order to uphold users’ security and privacy when browsing the web.”

It came after a January 2017 public posting to the mozilla.dev.security.policy newsgroup highlighted “questionable” website authentication certificates.

These had been issued by Symantec Corporation’s then public key infrastructure (PKI) arm, whose Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL Certificate Authorities had issued numerous certificates non-compliant with the industry CA/Browser Forum Baseline Requirements.


Symantec reacted with fury at the time, before ultimately deciding to wash its hands of the problem and sell its PKI business to DigiCert for $950 million in August 2017.

DigiCert took over validation and issuance for all Symantec Website Security SSL/TLS certificates, including its subsidiary CAs: Thawte, GeoTrust, and RapidSSL.

“Going forward, all new and reissued Website Security certificates are issued by DigiCert (using one of our trusted roots) and are trusted by Google Chrome,” DigiCert notes, adding: “The new certificate chain DigiCert created does not interfere with your current certificate trust among browsers. The chain also establishes trust for your replacement certificate with Google Chrome (and other browsers) going forward.”

Symantec declined to comment.

Clearly not all websites use legacy Symantec certificates, and not all web users use Chrome or Mozilla browsers, so the problem is limited in scale.

Security researcher Arkadiy Tetelman estimated earlier this year that some 10,000 websites would be affected by Chrome 66 in April and a further 90,000 will get distrusted with Chrome 70 in October. (Some big names, including tesla.com and blackberry.com, would be affected, he found.)

Google said in an update posted to its blog: “If your site is using a SSL/TLS certificate from Symantec that was issued before June 1, 2016, it will stop functioning in Chrome 66, which could already be impacting your users.”

If you are uncertain about whether your site is using such a certificate, you can preview these changes in Chrome Canary to see if your site is affected. If connecting to your site displays a certificate error or a warning in DevTools as shown above, you need to replace your certificate. DigiCert has a handy guide to doing so here.
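One way to script the check described above, as an added example that is not from the article, Google or DigiCert: it labels a certificate by its issuer organisation and issue date. The brand-name match on the issuer organisation, the result labels and the sample certificates are assumptions constructed for illustration.

```python
import socket, ssl, sys
from datetime import datetime, timezone

# Cut-off stated in the article: certificates issued before June 1, 2016.
CUTOFF = datetime(2016, 6, 1, tzinfo=timezone.utc)
# CA brands named in the article. Matching the issuer organisation against
# these names is an assumption of this example, not the browsers' own check.
LEGACY_BRANDS = ("symantec", "thawte", "verisign", "equifax", "geotrust", "rapidssl")

def issuer_org(cert):
    """Issuer organizationName from a dict shaped like ssl's getpeercert()."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""

def classify(cert):
    """Label a leaf certificate against the article's Chrome 66 deadline."""
    org = issuer_org(cert).lower()
    if not any(brand in org for brand in LEGACY_BRANDS):
        return "not-legacy-issuer"
    issued = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notBefore"]), tz=timezone.utc)
    # Later-dated legacy certificates fall in the Chrome 70 wave the article cites.
    return "affected-chrome-66" if issued < CUTOFF else "legacy-issuer-after-cutoff"

def fetch_cert(host, port=443, timeout=5):
    """Fetch a live leaf certificate (raises if the local trust store rejects it)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _cert(org, cn, not_before):
    return {"issuer": ((("organizationName", org),), (("commonName", cn),)),
            "notBefore": not_before}

# Constructed sample certificates (not real sites), used when no host is given.
SAMPLES = {
    "old-legacy": _cert("GeoTrust Inc.", "RapidSSL SHA256 CA", "May 31 23:59:59 2016 GMT"),
    "new-legacy": _cert("Symantec Corporation", "Symantec Class 3 Secure Server CA - G4", "Jun  1 00:00:00 2016 GMT"),
    "reissued": _cert("DigiCert Inc", "GeoTrust RSA CA 2018", "Apr 10 00:00:00 2018 GMT"),
}

if __name__ == "__main__":
    certs = {h: fetch_cert(h) for h in sys.argv[1:]} or SAMPLES
    for name, cert in certs.items():
        print(name, issuer_org(cert), cert["notBefore"], classify(cert), sep=" | ")
```

The match is on the issuer organisation rather than the common name because a reissued certificate can still carry a legacy brand in its issuer common name, as the third sample shows.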

 
