Google has announced that it will no longer trust Symantec SSL and TLS certificates after finding over 30,000 certificates wrongly issued by the company. The security firm provides nearly a third of the safety web’s certificates for browsers.
The tech giant will also punish Symantec by significantly reducing their extended validation period, making them legit for only nine-month intervals. This measure will be taken gradually starting with the next Chrome build.
The announcement comes as Google doubles down on security actions, and tries to uphold the company name across its ecosystem of services. Recently, YouTube has come under fire for misplacing ads next to videos that feature inappropriate content.
What does this mean for webmasters?
Webmasters will have to adhere to the tech giant’s new requirements for Symantec-issued certificates or switch Certificate Authorities to one that they support.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the most popular safety protocols used online nowadays. In simple terms, they both work as a transaction between a web browser and a server to secure the connection at both ends.
Much like in the real world, where we use a license or a passport to confirm our identity, machines require certificates that serve as a testimony of their authenticity. Certificate Authorities issue these digital keys, and Symantec is one of the most prominent CAs.
SSL Certificates contain unique information from the organizations who purchase them, which in turn have to be installed in browsers to secure all traffic between the parties.
Symantec had it coming
The issue with Symantec started with Google detecting 127 certificates that were issued to entities that were not the real titleholders of some sites. After further investigation, the tech giant realized roughly 30,000 certificates had been issued without following proper protocols.
The fact that this is not the first offense by Symantec made it all more worrying, so Google decided to take concrete actions against the security firm. They have been downgraded from the browser as a trusted CA and will have to revalidate their certificates every nine months.
Such actions may trigger replicas from other browsers such as Firefox, in which Symantec Certificates are even more prominent than in Google Chrome. Webmasters who don’t want to deal with all the hassle may be better off signing up with a different CA.