Jeremy Rowley, EVP of Product at ¶ºÒõ¹Ý, answers common questions about how customers can maintain trust in their Symantec-issued certificates.
With ¶ºÒõ¹Ý’s acquisition of Symantec Website Security, there has been some misinformation in the market about how the browser timeline affects Symantec-issued certificates. After reading this, you will have a clear understanding of what the browser timeline means for you and your business, and what (if any) action you need to take to maintain trust.
I’ve heard some customers asking if they need to reissue all their Symantec-issued certificates by December 1—this is not the case. Chrome’s timeline for distrusting Symantec certificates consists of the following milestones:
Ìý
As noted in the timeline above, Symantec-issued TLS certificates will start to be distrusted on either March 15th or September 13th of 2018 (depending on whether they were issued before or after June 1, 2016). Customers will need to reissue these affected certificates. ¶ºÒõ¹Ý will be reaching out to customers to let them know which of their TLS certificates are affected, and when they need to be reissued. ¶ºÒõ¹Ý will replace affected certificates at no cost.
NOTE: Symantec customers will not need to switch to a new platform, but can continue to use their Symantec console to order and reissue certificates. As of December 1, 2017, all certificates will be issued from a ¶ºÒõ¹Ý root, which will continue to be trusted.
Put simply, the transition of SSL validation, issuance, and other processes to ¶ºÒõ¹Ý provides Symantec customers with a path forward for maintaining trust in their SSL certificates. Symantec customers can be confident they will have continuity in their website security.Ìý
Even before the ¶ºÒõ¹Ý acquisition of Symantec Webite Security, Symantec selected ¶ºÒõ¹Ý to operate the Sub CA under the browser requirements, and ¶ºÒõ¹Ý has been working on integrating its validation and issuance systems for some time.
We are working on the following processes to meet the deadlines set forth by the browsers:
Although the transaction was not contemplated at the time, our preparations began a couple of years ago when we refactored our back end to create a scalable infrastructure and more robust validation process. This refactoring was prompted by the huge increase in certificate usage brought on by connected devices, often referred to as the Internet of Things.
We feel accountable for the trust placed in us by our customers, partners, and the security community. We appreciate the patience our customers and partners have shown us, and are excited for the opportunity ahead. We have always been customer-focused and collaborative with the security community. We will continue to provide transparency about the work we’re doing on both the front and back ends. We’re eager to build on the trust we’ve established with our customers.
¶ºÒõ¹Ý has the resources, capabilities, and infrastructure to handle the scale of our new operations. We look forward to offering Symantec customers everything they loved about working with Website Security, alongside ¶ºÒõ¹Ý’s focus on people and operational excellence, which has helped us build a strong, loyal customer base.