This is an important update to notify you of changes impacting Symantec SSL Certificates. If you own a Symantec SSL Certificate and it has not been renewed or re-issued by the timeline provided, your SSL certificate may stop showing a secure connection.
Carefully read through this post to determine if you need to take action to ensure your website will continue to be secure.
On March 15, 2017, Google announced that Chrome 66 would no longer support SSL certificates that were issued by Symantec. Google removed support for Symantec SSL’s because the SSL certificates had a history of not following proper validation rules and protocols. Because of this, Chrome 66 will no longer consider websites with old Symantec SSL certificates secure. This new Chrome version is planned to be released on March 15, 2018.
What does this mean for you?
No-IP provides Geotrust and RapidSSL certificates which are validated by Symantec. This means that some of our customers will need to reissue their SSL Certificates again in order for them to be properly signed and verified. Upon reissue, DigiCert will be the new SSL signer and Chrome 66 will see the re-issued SSLs as secure.
How to re-issue your SSL
Here is a timeline to help determine if you need to take action.
No Action is Required – No action is required if your current SSL certificate meets the following requirements:
- Certificates issued prior to June 1, 2016, and expiring prior to March 15, 2018
- Certificates issued after June 1, 2016, and expire prior to September 13, 2018
- Certificates issued after December 1, 2017
Action is Required — Re-issue Now
- Certificates issued prior to June 1, 2016, and expire on, or after March 15, 2018 – You need to re-issue your SSL certificate(s) before March 15, 2018
- Certificates issued after June 1, 2016, and expires on, or after September 13, 2018 – You need to re-issue your SSL certificate(s) before September 13, 2018.
Do I need to pay to re-issue my SSL Certificate?
No. GeoTrust SSL certificates provide unlimited re-issues.
Note: If you have renewed your No-IP SSL Certificate after December 1, 2017, DigiCert automatically became the SSL signer and there is no further action needed.
Why is this happening?
On January 19, 2017, the Google Chrome team began investigating a series of failures by Symantec Corporation to properly validate certificates. During this investigation, Google realized that over 30,000 SSL certificates had been issued with some kind of validation error over the past few years. The findings from this investigation lead the Google team to lose confidence in the certificate issuance policies and practices of Symantec. Google reached out to Symantec to have them correct their issuance policies, but the issues were never corrected.
Since Symantec did not make the necessary changes DigiCert bought out Symantec Website Security and related PKI solutions. Since then, Digicert has been adhering to proper certificate validation.
We do apologize for any inconvenience this may cause. However, this effort is to ensure all of our customer’s certificates are validated properly and will be honored by all major web browsers.
If you have any questions or need help, please contact our Customer Success team and we will be glad to assist you.