• This thread is just the tip of the iceberg.The people ahead of the curve aren't Googling for answers — they're already in here, having the conversations you haven't found yet. DealerRefresh is free.Get the full picture →

Chrome plans to distrust some 2016 and prior Symantec site security certificates

Jump to latest Follow Reply
Rick Buffkin

Rick Buffkin

Sausage King of Chicago
Oct 29, 2009
771
895
Awards
10
First Name
Rick
#1
Guys,

Just wanted to pass some website security certificate info to you. If your site is using a SSL/TLS certificate from Symantec (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL) that was issued before June 1, 2016, it will stop functioning in Chrome 66 (Beta comes out 3/15/18 and Stable comes out 4/17/18), which could already be impacting your users on the first release.

interstitial%2B-%2B1.png


You can read the entire post here:
https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html

You need to check your sites and make sure your not affected.
Heres a checker on Symantec's site. https://www.websecurity.symantec.com/support/ssl-checker
 
Last edited:
  • Useful
Reactions: Alexander Lau
#3
craigh said:
Thankfully most vendors have moved to LetsEncrypt.
We offer a new certificate every 90 days and, as of today, can do wildcard certificates for any landing page subdomains.

LetsEncrypt changed everything by offering SSL certificates at no cost.
Click to expand...
I wouldn't agree that "Most vendors" have moved to Letsencrypt. Sadly most haven't from my experience. Cpanel has at least enabled autoSSL, and theres millions of websites using Cpanel, but its up to web hosts to enable autoSSL or not. If you don't have WHM (Web Hosting Manager) you probably won't have the feature. So still it can be hard to get hold of a free/decent SSL. One solution is to use cloudflare which has a free SSL, but not all browsers accept it. Maybe soon all web hosts will offer letsencrypt, or something similar.
 
Dealer Authority INVENTORY
#4
Auto Ad Sales said:
I wouldn't agree that "Most vendors" have moved to Letsencrypt. Sadly most haven't from my experience. Cpanel has at least enabled autoSSL, and theres millions of websites using Cpanel, but its up to web hosts to enable autoSSL or not. If you don't have WHM (Web Hosting Manager) you probably won't have the feature. So still it can be hard to get hold of a free/decent SSL. One solution is to use cloudflare which has a free SSL, but not all browsers accept it. Maybe soon all web hosts will offer letsencrypt, or something similar.
Click to expand...

We install LetsEncrypt with automated install scripts, works great - WHM makes it even easier, but agreed that it's not available to everyone.

CloudFlare is another easy solution, but it's always better to install a server-side certificate.
The one downside to CloudFlare is that it's a single point of failure since they decrypt all traffic and re-encrypt between the unencrypted host.
This means that CloudFlare has access to all traffic in plain text, even if the end user doesn't.
Since they're essentially acting as a man-in-the-middle attack on your behalf, we have to trust this 1 single provider to protect everything.
 

✨ AI Highlights

Rick Buffkin alerts dealers to a critical issue: Symantec SSL certificates issued before June 1, 2016 will stop working in Chrome 66 (April 2018), potentially breaking website access for users. The discussion that follows focuses on affordable alternatives, with respondents debating the adoption rate of free solutions like Let's Encrypt, cPanel's autoSSL, and Cloudflare, ultimately concluding that while free SSL options exist, not all web hosts have made them readily available to customers.

Replies Views 3 1,807 Started Last Reply

Latest posts

Hrizn SEO Ai Overviews
Top Bottom
Back
Jump to latest Follow Reply
Jump to latest Follow Reply
Menu