Whats the fuss about?
Google accused Symantec Corporation of series of failure to properly validate certificates. Google accordingly proposed that they will effectively withdraw Chrome browsers trust in all certificates issued by Symantec.
Any resolution?
Digicert acquired Symantec and a compromise was reached by Google to accept the certificates till some time. Symantec certificates will now be signed by Digicert sorting this issue.
So what do I need to do?
If you have a certificate from any Symantec certificate brand (Symantec, GeoTrust, Thawte and RapidSSL) then
- if certificate is issued prior to June 1 2016, Chrome has stopped trusting this certificate from March 15, 2018. Please replace these certificates.
- if certificate is issued after June 1 2016 but before December 1 2017 reissue this certificate anytime before 13 September 2018
SSL certificate checker
To know if you are affected please use the SSL/TLS certificate checker available at
https://www.websecurity.symantec.com/support/ssl-checker
Further reading
https://opensrs.com/blog/2017/06/symantec-google-avert-ssl-meltdown/
https://opensrs.com/blog/2017/09/google-symantec-resolve-chrome-browser-trust-issues/