Google Chrome to Block Entrust SSL Certificates Starting November

/in


Google has announced that its Chrome browser will stop trusting TLS server authentication certificates issued by Entrust and AffirmTrust starting November 1, 2024.

This decision follows Entrust’s series of compliance failures and unmet improvement commitments, which have eroded Google’s confidence in the certificate authority’s (CA) competence and reliability.

Certificate Authorities (CAs) play a crucial role in internet security by issuing digital certificates that verify website authenticity and enable encrypted connections between browsers and web servers.

These certificates ensure that data transmitted between users and websites remains private and secure. However, the integrity of this system relies heavily on the trustworthiness of the CAs.

Over the past several years, Entrust has been the subject of numerous publicly disclosed incident reports highlighting a pattern of concerning behaviors.

Scan Your Business Email Inbox to Find Advanced Email Threats - Try AI-Powered Free Threat Scan

These include compliance failures, unmet commitments to improve, and a lack of tangible progress in addressing security issues.

When considered in aggregate, Google’s Chrome Security Team stated that these factors pose significant risks to the internet ecosystem, making continued trust in Entrust untenable.

Implementation and Impact

The blocking action will commence with the release of Chrome version 127 and affect all major operating systems, including Windows, macOS, ChromeOS, Android, and Linux. However, due to Apple’s policies, Chrome for iOS will not be affected as it does not use the Chrome Root Store.

Starting November 1, 2024, Chrome will no longer trust TLS server authentication certificates validating to the following Entrust roots if their earliest Signed Certificate Timestamp (SCT) is dated after October 31, 2024:

  • Entrust Root Certification Authority – EC1
  • Entrust Root Certification Authority – G2
  • Entrust.net Certification Authority (2048)
  • Entrust Root Certification Authority (2006)
  • Entrust Root Certification Authority – G4
  • AffirmTrust Commercial
  • AffirmTrust Networking
  • AffirmTrust Premium
  • AffirmTrust Premium ECC

Certificates issued before this date will…

Source…