Google announces the deactivation schedule for Symantec certification at Chrome following the sale of Symantec's CA business

Google plans to gradually revoke certificates issued by Symantec's Certification Authority in browser Chrome, assuming that certificates issued by Symantec (Symantec)'s Certification Authority (CA) contain unreliable certificates It is clarifying. As Symantec decided to sell the CA business, Google once again handled Symantec Certificate handling on the Security Blog.

Google Online Security Blog: Chrome's Plan to Distrust Symantec Certificates
https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html

Browser development companies such as Google and Mozilla are "an industry standard in Symantec's PKI businessCA / Browser Forum Baseline Requirements"We have issued a number of certificates that do not conform to the standards", but revealed that it is a policy not to allow many of the certificates issued by Symantec CA as legitimate certificates. Symantec's PKI business operates certification authorities under brand names such as Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL, and as a certification authority it is a major share with over 30% share.

Given the high share of CAs operated by Symantec, Google revealed that it will invalidate the certificate issued by Symantec CA at Chrome in the future, and also disclosed the schedule beforehand. ThatSymantec sells PKI business to DigiCertAs a result, Google has announced that the handling of the certificate issued by Symantec CA again at Chrome is as follows.


◆ Most recently since December 1, 2017
Although Symantec CA will be transferred to DigiCert's system by December 1, 2017, certificates issued by the former Symantec CA will be treated as untrusted in Chrome after the transition. Specifically, Chrome will display warnings and errors on that page.

◆ From March 15, 2018 onwards
Chrome version 66 and later will invalidate certificates issued by the Symantec CA before 1 June 2016. For this reason, publishers who use certificates issued by Symantec CA before June 1, 2016 must replace certificates issued by trusted certificate authorities before Chrome 66 is released. Chrome 66 is scheduled to release beta version on March 15, 2018, stable version on April 17, 2018.

After September 13, 2018
On Chrome 70 scheduled for beta on September 13, 2018, stable on October 23, 2018, all certificates issued by Symantec CA will be treated as untrustworthy.