Google and SSL certificates from Symantec
The search engine giant and the software company Symantec have been at odds for some time. The reason? A breach of trust by Symantec. In response, over the course of the year Google Chrome will withdraw trust from around 10% of major domains unless they have obtained new SSL certificates in time.
Google and Symantec – how it all started
SEO professionals know: if a website offers a secure https connection through an SSL certificate, Google rewards it with a better and higher ranking than sites that cannot provide such a secure connection. Especially for online shops and in some other areas, this encryption is almost essential. You might think that site owners who have SSL certificates do not have to worry about anything else. Far from it. That is exactly where the problem lies.
The fake SSL certificates
Once Google has been deceived and finds out, trust cannot be restored quickly. That is the case with Symantec. It is estimated that Symantec is responsible for more than 40% of issued SSL and TLS certificates. Here is the bombshell: some of the Symantec certificates were forged! Google, of course, noticed immediately and is now talking about taking action.
Google Cracks Down – Punishment for Symantec Certificates and Their Users
If Google’s plan goes ahead this year, Chrome 66 could cause trouble for many certificate users starting in April. From that date on, whenever the Chrome browser encounters an SSL certificate from Symantec that was issued before June 1, 2016, the site in question gets a warning. This warning from Chrome states that the connection to the site may not be secure and may result in unauthorized access to data. On October 23 this year, Chrome 70 will be released and things get more serious: the warning from Google Chrome will be even stronger and louder, so that operators of websites that once relied on Symantec’s SSL certificates will almost have to cover their ears.
SSL certificates from Symantec: who is affected?
After all of this became known, Airbnb engineer Arkadiy Tetelman went ahead and built a script. This script was able to find out which websites, and above all how many, are affected by this “dispute”. The problem can now be put into numbers. The run took about eleven hours in total, and the script checked the one million most visited pages on the Internet for the relevant SSL certificates. And lo and behold: with the first Chrome update in April, about 11,510 domains are expected to be affected by error messages. With the October update, this number rises to 91,627 domains. For example, it appears that nearly all sites hosted by 1 & 1 also have such an SSL certificate.
Punishment not just for Symantec users
It is not only certificates issued directly by Symantec that are affected. Certificate vendors such as Thawte, GeoTrust and RapidSSL, which are or were part of the Symantec trust chain, are affected as well. The consequence: users of SSL certificates from these providers will probably lose trust on the dates mentioned above. To determine whether a company or its site is affected, there is a special text file provided by Tetelman. All administrators are also advised to check the root CA of their respective certificates. Verification can also be done through the Developer Tools console in the Chrome browser. If the URL is entered there, the console displays the corresponding information. Taking advantage of the current situation is probably not advisable if you want your own pages and shops to continue to function perfectly and be accepted by the Google Chrome browser.
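The check recommended above can be automated. The following sketch is an added example, not Tetelman's script: it reads a certificate in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`, looks for the four brand names listed above in the issuer fields, and uses the issuance date to decide which Chrome release the site would first be flagged in. It assumes the brand name appears in the issuer's organization or common name (a heuristic, not chain validation), and the sample certificates are constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

# Brand names the article lists as part of the Symantec trust chain.
BRANDS = ("symantec", "thawte", "geotrust", "rapidssl")
# Issuance cut-off the article gives for the Chrome 66 warning (1 June 2016).
CUTOFF = datetime(2016, 6, 1, tzinfo=timezone.utc)
NAME_KEYS = ("organizationName", "organizationalUnitName", "commonName")

def issuer_fields(cert):
    """Flatten getpeercert()['issuer'] (a tuple of RDN tuples) into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def classify(cert):
    """Map a getpeercert() dict to 'chrome66', 'chrome70' or 'no-match'."""
    fields = issuer_fields(cert)
    names = " ".join(fields.get(k, "") for k in NAME_KEYS).lower()
    if not any(brand in names for brand in BRANDS):
        return "no-match"  # heuristic: the issuer name carries no listed brand
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    issued = datetime.fromtimestamp(seconds, tz=timezone.utc)
    return "chrome66" if issued < CUTOFF else "chrome70"

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live leaf certificate; fails if the local store rejects the chain."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _cert(org, cn, not_before):
    return {"issuer": ((("organizationName", org),), (("commonName", cn),)),
            "notBefore": not_before}

# Constructed sample certificates (hosts and CA names are made up).
SAMPLES = {
    "old-shop.example": _cert("GeoTrust Inc.", "RapidSSL Sample CA", "Mar 14 00:00:00 2016 GMT"),
    "new-shop.example": _cert("Symantec Corporation", "Sample Server CA", "Jun  1 00:00:00 2016 GMT"),
    "other.example": _cert("Example Trust Services", "Example TLS CA 1", "Jan  5 09:34:43 2018 GMT"),
}

if __name__ == "__main__":
    for host, cert in SAMPLES.items():
        print(f"{host}: {classify(cert)}")
```

A certificate issued exactly on the cut-off date is not "before" it, so `new-shop.example` falls into the later group.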
Google against Symantec
The Chrome browser is just a means to an end in this battle of the giants: teaching Symantec a proper lesson. Google believes Symantec has destroyed trust by unjustifiably falsifying thousands of certificates across multiple domains. After all, Google had caught the culprit several times in the past, most notably when Symantec had also issued fake SSL certificates for google.com. Bad mistake! Now Symantec is getting the bill for it.