If you want your company website to be trusted by visitors and have a stronger presence online, an SSL certificate is a mandatory step for your business. Besides presenting your website as secure, it will contribute positively to the website’s online ranking.
This year web browsers tightened the security rules for websites in general. Google was the first to announce in 2014, that in 2017 HTTPS (HyperText Transfer Protocol Secure) needed to be implemented on every website. Mozilla quickly followed, and soon began to phase out outdated SSL certificates. If your website does not have an SSL Certificate, it is being marked as unsafe.
The consequences of not using HTTPS are rather dire in the competitive world we call the internet. Your website is marked as a unsafe, which could lead to less visitors and loss of potential revenue. Learn how Chrome and Firefox penalize unsafe websites in 2017.
In another effort to make the internet a safer place, Google set in motion a plan to kill Symantec certificates, in early 2018. The decision was reportedly the outcome of a “long tussle over dodgy certificates”.
SSL Certificate nightmare for Symantec
After Google’s July announcement, Symantec is handing its infrastructure to DigiCert, which will be operational this month. DigiCert had to update their PKI infrastructure, and any certificates issued by Symantec’s old infrastructure will be listed as “not trusted”.
This decision came from an investigation into Symantec’s SSL issuance practices initiated by Google and Mozilla engineers. Investigators discovered last year that Symantec broke industry regulations agreed on by CA /B Forum, the authority that governs procedures for issuing SSL Certificates.
The investigation also concluded that 30,000 unregulated certificates were issued in 2017. Google announced days later that Chrome would stop supporting Symantec certificates.
A battle of interests between Google and Symantec?
The ongoing feud between Symantec and Google will undoubtedly affect many website owners and the SSL industry. It is also unclear whether Google is taking advantage of Symantec’s situation to further their own commercial plans.
According to this article, while Google claimed that Symantec was not complying with industry standards it failed to present necessary documentation from the audits. Adding to this, is the fact that Google is a major sponsor of Let’s Encrypt, a free, automated and open certificate authority.
Google Chrome is currently the most used and popular browser in the market. Taking action against one of the main SSL Certificate providers, definitively raises questions and could have a large ripple effect.
What does it mean for you?
Google is planning to remove trust in Symantec-issued certificates in March 2018. This means that website owners will need to revise their certificates, and choose an SSL alternative that wouldn’t be marked as untrusted.
If you are a website owner revise the validity of your certificate, if you happen to have a certificate from Symantec, check Symantec’s timeline and Google’s blog post, to prepare for the changes coming in 2018.
Ask vBoxx for help
vBoxx has more than 20 years of experience in the field of data management, and information management. We are ready to advise you on how to tackle these changes, and provide alternatives to Symantec certificates if necessary.