The popular internet browsers Google Chrome and Mozilla Firefox have recently announced their plans to distrust any SSL certificates issued by the company Symantec before December 1st 2017. An SSL certificate is an important aspect of a website that handles sensitive, personal information. Symantec’s Web Security and other PKI solutions have been taken over by the company DigiCert – this acquisition will result in DigiCert updating and modernizing several aspects of the Symantec model. However, in the meantime, Chrome and Mozilla have decided to remove trust in Symantec SSL certificates until these updates are completed.
SSL certificates from IONOS
Protect your domain and gain visitors' trust with an SSL-encrypted website!
Easy to activateProven safety24/7 assistanceChrome and Mozilla’s decision to distrust SSL certificates results from a small number of discrepancies in SSL certificates issued by them between 2015 and now. The main criticism was about Symantec’s ability to ensure a proper authentication process for SSL certificates. Debates between Symantec and the browser community have spread over several months and have concluded with two main action points laid down by Google Chrome and later confirmed by Mozilla:
Shortly after this decision, Symantec sold their SSL business to Digicert and started issuing fully compliant SSLl certificates from their new CA infrastructure on December 1st 2017.
While Chrome and Mozilla may be acting in the interest of their customers safety, there are a number of browsers such as Internet Explorer, Safar and Opera who are choosing not to display warning messages to visitors, as they do not believe the threat to be as serious as Chrome and Mozilla claim. Regardless of severity of the security risk, plenty of website operators may have their website affected by this campaign of distrust.
Chrome will begin issuing security warnings on the April 16th, 2018 to Chrome 66 (and later) users when they try to access a Symantec SSL-encrypted website. This warning will appear on all Symantec SSL certificates issued before the June 1st, 2016. From October 2018,Chrome 70 (and above) users will also receive the message on all sites that contain Symantec SSL certificates issued before December 1st, 2017. The warning message simply states that the data exchange may be unsafe. Visitors can accept the warning and continue on to the website unimpeded: the website’s functionality will remain unaffected. There is no risk to any data on your website being compromised.
In order to work out whether or not your website’s SSL certificates will be affected by this change, you will need to check the validity of the certificate. There are a number of online tools that can help you assert the validity of your SSL certificates – simple research, select and download your program to check their certificate validity. Alternatively, checking the validity through your own browser is quite straightforward. Here, we will show you how to check whether your SSL certificates are in date or not on Google Chrome and Mozilla Firefox.
To check the status of your SSL certificate on Chrome, select the icon next to the URL. This may be a green lock (connection secure), a yellow exclamation mark (no certificate provided), a blank page icon (this website does not need prior authentication), a lock icon with a yellow triangle (certificate provided, but security standard is low) or a red padlock (site has certificate issues). Click on the icon present and a window will pop up with an option to view the certificate:
![Checking the validity of your certificate on Chrome.]](https://www.ionos.ca/digitalguide/fileadmin/DigitalGuide/Screenshots_2018/SSL-certificate-information.jpg "Checking the validity of your certificate on Chrome.]")
Go to the “Details” tab in the second popup window and you will be able to find the validity period dates for the website’s certificate.
The process for checking the validity of an SSL certificate on Mozilla Firefox is more or less the same as checking on Chrome. Next to the URL should be a security icon – either a green padlock (secure), gray padlock with a yellow exclamation triangle (connection may not be secure) or a gray packlock with a red line through it (connection not secure). Clicking on the security icon will bring up a small pop up window:
Simply click on the arrow next to the website connection information and another window will pop open. In the General tab of the pop up window, the Period of Validity will be on display at the bottom.
The timeline consists of two phases which match Google Chrome 66 & 70 version releases:
Phase I –Certificates issued before June 1st 2016 will be distrusted by Chrome 66. You will need to renew SSL certificates issued before this date on before March 15th 2018.
Phase II – If your SSL certificate was issued after December 1st, 2017 then there is no need to reissue it. Certificates issued before December 1st 2017 will be distrusted by Chrome 70. Any SSL certificates issued before this date will need to be replaced by September 13th 2018. With Chrome 66 you may already notice a warning in Chrome Developer Tools:
If the SSL certificate is not replaced before Chrome 70 is released, then your customers will no longer be able to access your site:
All affected SSL certificates need to be replaced through a Reissue operation. This provides a new certificate for the same domain, with the same expiration date as the one replaced.
If your certificate expires before Sept 13th 2018 (Chrome 70 beta), there’s no need to take any action.
Symantec/DigiCert are offering affected customers a new SSL certificate free of charge.
You will need to create a CSR (Certificate Signing Request) for each of the certificates you wish to replace/have reissued, which is a standard procedure for sending DigiCert your public key, information about your company and your domain name. Submit your request, and once DigiCert have revalidated your domains and organizations, you will receive the new certificate which you can install.
As a IONOS customer, the reissue will be taken care of automatically to ensure the latest security standards and full browser compatibility. Click here for more information.
The topic of data security is becoming increasingly important for both private users as well as in the business world. As a website owner, you should take all the necessary precautions to ensure that a visit to your site is as secure as possible. Converting your site from HTTP to HTTPS or SSL is an important first step to securing your website and gaining your customers’ trust.
HTTPS, the network protocol for TLS-encrypted data transfer online can be circumvented in some cases. The danger is that encrypted websites can be accessed via unencrypted HTTP. But the HTTPS extension HSTS (HTTP Strict Transport Security) forces website access via TLS encryption, closing the security gaps that hackers like to use to intercept the HTTPS connection during transport using...
SSL/TLS certificates play an increasingly important role in the transmission of sensitive data. They guarantee that data packets reach the desired addressee without any detours. Problems only arise when internet users are deliberately redirected by invalid certificates from dubious certification bodies – a scenario that can be prevented using so-called HTTP public key pinning (HPKP).
Sitemaps belong to the standard features of a website, but they seem to be gradually disappearing from the World Wide Web. Some online presences hide the navigation file or even forgo it completely. We explain why search engines like Google still give sitemaps a lot of attention, how important sitemaps are for SEO as a result, and how you can create sitemaps yourself – manually or with a sitemap...
Security on the internet is always paramount: regardless of whether you run a website yourself or just surf the web, you should always understand the basics of internet security. Here we explain exactly what SSL certificates are, what you need them for, and the different types of certificates that are out there.
Provide powerful and reliable service to your clients with a web hosting package from IONOS.
View packages
