Not all SSL certificates are as secure as they should be

Jacqui Lewis-Everley - ilateral

This is not a new story (Google announced it's plans September 2017), but many people are still unaware that Google Chrome and Firefox will be blocking websites that use SSL certificates issued by Symantec as of April this year. You many think "Well, my SSL certificate was issued by GeoTrust/RapidSSL/Thawte, not Symantec", but the reality is that Symantec provided SSL certificates to many companies (including the ones mentioned) and if you bought one of these SSL certificates, then your website might be blocked.

The result of this is that potentially thousands of websites could be blocked by Chrome and Firefox (there is a more detailed post about this on The Register), but a lot of websites providers still seem unaware that this update is coming. It is of the upmost importance that is your site is protected by an SSL certificate, you contact your provider and ask them if this update effects you!

You might feel that Google has gone to far in doing this, "how can one company dictate the availability of so many websites" you may ask? The reality is, Symantec's SSL company has not always been adhering to industry standards when issuing SSL certificates and have issued a certificate where they should not.  Consequently, Chrome and Firefox developers feel they cannot trust certificates provided by Symantec. This may be a bit of a frustration for some people, but SSL certificates are supposed to be secure and provide a level of credibility to a site. If there is evidence that a supplier might not be providing secure certificates, it is the responsibility of companies like Google to help protect it's users.
​
If you want to find out more information about the whole story, Google posted an article on their security blog last year, you can go check it out.

---