Translation:
See links:The hyperlink login is visible.
Original translation:
We previously announced plans to oppose Chrome's trust in Symantec certificate authorities, including all Symantec brands such as Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL. This post outlines how website operators can determine if they are affected by this deprecation, and if so, what needs to be done and when. Failure to replace these certificates will result in website breakage in major browser versions that will be released soon, including Chrome. Chrome 66 If your website is using an SSL/TLS certificate issued by Symantec before June 1, 2016, it will stop working in Chrome 66, which may already be affecting your users.
If you're not sure if your website uses such certificates, you can preview these changes in Chrome Canary to see if your site is affected. If connecting to your site shows a certificate error or warning in DevTools as shown below, you will need to replace your certificate. You can get the new certificate from any trusted CA, including Digicert, which recently acquired Symantec's CA business.
An example of a certificate error that Chrome 66 users may see when using older Symantec SSL/TLS certificates issued before June 1, 2016.
If you need to replace your certificate before Chrome 66, you will see a DevTools message.
Chrome 66 has been released to the Canary and Dev channels, which means that the affected websites are already affecting users of these Chrome channels. If the affected websites do not replace their certificates by March 15, 2018, Chrome beta users will also start experiencing such issues. If your website is currently showing errors in Chrome Canary, it is highly recommended that you replace your certificate as soon as possible.
Chrome 70
Starting with Chrome 70, all remaining Symantec SSL/TLS certificates will stop working, resulting in certificate errors, as shown above. To check if your certificate is affected, visit your website in Chrome and open DevTools immediately. You will see a message in the console telling you if you need to replace the certificate.
If you need to replace your certificate before Chrome 70, you will see a DevTools message.
If you see this message in DevTools, you need to replace your certificate as soon as possible. If the certificate is not replaced, users will start discovering certificate errors on your website on July 20, 2018.The first Chrome 70 beta will be released around September 13, 2018.
Expected Chrome release schedule
The table below shows the first Canary, first beta and stable versions of Chrome 66 and 70. The first impact of the release coincided with the first Canary, which steadily grew in audience numbers as the version was released in beta and then finally stabilized. Website operators are strongly advised to make the necessary changes to their websites before the first release of Chrome 66 and 70 for Canada, and no later than the corresponding beta release date.
| released | The first canary | The first beta | Stable release | | Chrome 66 | January 20, 2018 | - March 15, 2018 | - April 17, 2018 | | Chrome 70 | - July 20, 2018 | - September 13, 2018 | - October 16, 2018 |
For information on the release schedule for a specific version of Chrome, you can also refer to the Chromium Development Calendar, which will be updated if the release schedule changes.
To address the needs of some enterprise users, Chrome will also implement an enterprise policy that allows legacy Symantec PKI trustlessness to be disabled starting with Chrome 66. As of January 1, 2019, this policy will no longer be available and Legacy Symantec PKI will be distrusted to all users.
Special mention: Chrome 65
As mentioned in the previous announcement, SSL/TLS certificates for Legacy Symantec PKI released after December 1, 2017 are no longer trusted. This should not affect most field operators, as it requires a special agreement with DigiCert to obtain such a certificate. Visiting websites that provide such certificates will fail and the request will be blocked after Chrome 65. To avoid such errors, make sure to only use such certificates for older devices and not browsers like Chrome.
|
Posted on 5/23/2018 9:43:58 AM
|
|
|
|
