It has been almost a year since Symantec’s hitherto unscathed reputation in the certificate business was shaken because of inconsistencies in the vetting process of some Symantec RAs and the subsequent gloomy forecast by Google’s Chromium team. Every day, you may find articles in the international press that contain sentences such as, “Google plans to stop trusting current Symantec certificates.” However, such headlines seem to come out of thin air, as they are all about certificates issued before June 1, 2016. These also retain the usual compatibility after a free certificate replacement (re-issue), even after April 2018. Continue reading
The next change for SSL Certificates
Certificate Transparency (CT) is a Google initiative to log, audit, and monitor certificates that Certificate Authorities (CAs) have issued. A CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge.
Google recently announced that certain SSL Certificates with a lifecycle beyond the 1st of January 2016 are going to be treated as progressively less trustworthy by future versions of Chrome. The SSL Certificates in question are those signed using the slightly dated SHA-1 hashing algorithm. The same is going to apply to SSL Certificates which have been signed using SHA-256, but contain SHA-1 Intermediates within their chain of certificates (Chromium Blog Post, 5th of September 2014).
By now you may already know about the Turkish Certification Authority TÜRKTRUST, which has mistakenly issued two Intermediate Certificates for two companies in Turkey.