Google Chrome to Block Entrust Digital Certificates Starting November 1st
In a move that could impact millions of websites, Google has announced that its Chrome browser will stop trusting digital certificates issued by Entrust, a major certificate authority, starting November 1st, 2023. This decision affects Chrome's 3.45 billion users and potentially numerous high-profile Entrust customers, including major banks, corporations, and government entities.
Key Points:
- Google Chrome will no longer trust Transport Layer Security (TLS) certificates issued by Entrust and AffirmTrust (acquired by Entrust in 2016)
- The change takes effect on November 1st, 2023 for Chrome 127 and later versions across all platforms
- Websites using affected certificates will trigger a connection not private warning for users
- Google cites concerns about Entrust's handling of security incidents as the reason for this decision
Impact on Website Operators and Users
Website operators using Entrust certificates are advised to transition to another certificate authority as soon as possible. While installing a new Entrust TLS certificate before the November 1st deadline may temporarily delay the impact, Google warns that a switch to another CA will ultimately be necessary.
For Chrome users, attempts to access sites with blocked certificates will result in a security warning. However, users can still manually trust root certificates to maintain functionality if needed.
Entrust's Response
Entrust has expressed disappointment with Google's decision and stated they are working on plans to provide continuity for their customers. The company acknowledged past mistakes in incident reporting and communication but emphasized their commitment to making lasting organizational and cultural changes.
Broader Implications
This development highlights the critical role that certificate authorities play in maintaining web security and the potential far-reaching consequences when trust in these authorities is compromised. It also underscores Google's willingness to take decisive action to protect Chrome users, even at the risk of disrupting major websites.
As the deadline approaches, it will be crucial for affected website operators to act quickly to ensure uninterrupted service for their users. Meanwhile, the broader tech community will be watching closely to see how this situation unfolds and what it might mean for the future of web security infrastructure.