![]() ![]() Google told Symantec in October to step up its game to avoid certificate-related problems in Chrome and other products. Symantec offers free replacements in each of our certificate management consoles,” Symantec said. ![]() “It is important to replace such a certificate with one that chains up to a more modern root. However, the company told Google it does not believe its customers will be affected by the removal of the certificate. The security firm has informed customers that browsers may remove support for certificates issued with the discontinued root certificate, which will result in browser errors. While Google’s blog post seems alarmist, Symantec has pointed out in its advisory that the discontinuation and its timing are in line with industry best practices based on CA/Browser Forum Baseline Requirements. “This step is necessary because this root certificate is widely trusted on platforms such as Android, Windows, and versions of OS X prior to OS X 10.11, and thus certificates Symantec issues under this root certificate would otherwise be treated as trustworthy.” ![]() “As Symantec is unwilling to specify the new purposes for these certificates, and as they are aware of the risk to Google’s users, they have requested that Google take preventative action by removing and distrusting this root certificate,” Sleevi explained in a blog post. Symantec told Google that it plans on using the root certificate for other purposes, but it has not specified its new functions. “As these requirements reflect industry best practice and are the foundation for publicly trusted certificates, the failure to comply with these represents an unacceptable risk to users of Google products,” explained Sleevi. 1 that it had discontinued the VeriSign G1 root certificate (Class 3 Public Primary CA), which had been used to issue public code signing and TLS/SSL certificates.Īccording to Google software engineer Ryan Sleevi, since this root will no longer comply with CA/Browser Forum Baseline Requirements, the search giant cannot ensure that the certificate or the certificates issued with it are not abused to intercept or impersonate secure communications. Google announced on Friday that it will remove a Symantec root certificate from Chrome, Android and other products over the coming weeks in an effort to protect its customers. ![]()
0 Comments
Leave a Reply. |