Chrome and Mozilla’s decision to distrust SSL certificates results from a small number of discrepancies in SSL certificates issued by them between 2015 and now. The main criticism was about Symantec’s ability to ensure a proper authentication process for SSL certificates. Debates between Symantec and the browser community have spread over several months and have concluded with two main action points laid down by Google Chrome and later confirmed by Mozilla:
- Symantec must partner up with another Certificate Authority to run the SSL authentication and issuance processes from a new infrastructure.
- All SSL certificates issued from prior Symantec roots will be distrusted and need to be replaced without extra cost following phased timeline.
Shortly after this decision, Symantec sold their SSL business to Digicert and started issuing fully compliant SSLl certificates from their new CA infrastructure on December 1st 2017.
While Chrome and Mozilla may be acting in the interest of their customers safety, there are a number of browsers such as Internet Explorer, Safar and Opera who are choosing not to display warning messages to visitors, as they do not believe the threat to be as serious as Chrome and Mozilla claim. Regardless of severity of the security risk, plenty of website operators may have their website affected by this campaign of distrust.