Why your SSL certificate is now showing as insecure under Google Chrome 70
We recently happened to view a customer website using the Beta version of Google Chrome and we saw it had SSL certificate issues in Chrome 70 whereby it showed the certificate as invalid. We knew the certificate was OK and it only showed as problematic under Google Chrome 70.
So what’s the story?
Google (as the defacto internet police) are about to make a bunch of websites show as INSECURE and display the dreaded warning page before allowing a user to open a website when Chrome v70 releases.
The current version is 69 and according to their development schedule 70 is due to roll out from 16th October 2018.
Although this has been reported in the tech press already, it hasn’t really been that visible lately so hasn’t been on our radar.
It seems this all stems from Google thinking Symantec did a rubbish job of validating SSL certificates a while back and deciding they would mark them as insecure. A stay of execution was reached when Digicert acquired Symantec…but that grace period has run out.
The certificates in question will be from Symantec, GeoTrust, Thawte, and RapidSSL and were issued before 1st Dec 2017.
How to see if my website is affected?
There’s a simple checker to see if a website has this timebomb: https://www.websecurity.symantec.com/support/ssl-checker.
If you use a paid SSL certificate we recommend you quickly check your site using the link above. If you need help you can email [email protected] for assistance.
It says I need to change my certificate – how?
Go back to your providers website and follow the instructions to reissue a replacement certificate.
If this is not feasible, you can either purchase a new certificate or install a LetsEncrypt certificate instead.