
Google's distrust of Entrust certificates

If you need replacement certificates or lifecycle automation, we’re here to help.

Get replacement certificates. Fast.

  • Quickly and easily purchase replacement TLS/SSL certificates with a credit card.
  • Your purchase includes access to DigiCert CertCentral®, our award-winning certificate management and lifecycle automation portal.
  • If you have needs not listed here, contact us. Our team can help create a personalized solution.
ENTRUST PRODUCT

Entrust Standard Plus OV

Organization validated SSL certificate for standard domains.

Includes:

  • Unlimited reissues
  • Unlimited servers
  • Up to 250 domains
  • 24 x 5 support
ENTRUST PRODUCT

Entrust Wildcard OV

Secures all subdomains with one OV SSL certificate.

Includes:

  • Unlimited reissues
  • Unlimited servers
  • Up to 250 domains
  • 24 x 5 support
Recommended

Basic - OV

Complete business-level validation, reinforcing customer confidence in online presence while securing customer data

€22 / month / standard domain
€64 / month / wildcard domain
12 month auto-renewing subscription €264.00


Includes:

  • Unlimited certificate issuance/replacement
  • 24x5 standard support
  • DigiCert CertCentral management portal

Looking for a tailored migration experience?

If you have many certificates to replace or other complex technical or business requirements, please contact our team to discuss the best migration path for your organization. DigiCert offers a broad variety of trusted digital certificates, PKI services and our modern certificate lifecycle management solution, DigiCert® Trust Lifecycle Manager.

Google Chrome to distrust Entrust certificates

Public TLS certificates issued from Entrust roots with a Signed Certificate Timestamp (SCT) dated after October 31, 2024 will not be trusted by Google Chrome.

  • To be trusted by a browser, a certificate authority must comply with specific requirements defined by the CA/Browser Forum.
  • To ensure trust is consistent and continuous, browsers receive regular audit reports about CA operations and compliance.
  • Transparency is the rule. CAs are expected to work in good faith with browsers to fix and prevent issues. 
  • Recently, root programs indicated a lack of confidence in TLS certificate issuance practices of Entrust.
  • Google ultimately made the decision to .

What does that mean for Entrust customers?

  • Public TLS certificates issued off of Entrust roots whose earliest SCT is after October 31, 2024 will no longer be valid on Google Chrome.
  • Sites using those Entrust certificates will be treated as unsecured.
  • Any TLS certificate with an SCT dated before November 1, 2024 will be valid for its term.

We’re here to help

We understand this incident poses significant risk of business disruption to a large number of organizations.

As the world leader in globally trusted PKI and TLS/SSL solutions, we are committed to making our services and solutions available to help you maintain critical operations and ensure uninterrupted business continuity during the transition from Entrust—and beyond.


Why trust DigiCert?

We take our responsibility as a Certificate Authority (CA) in the root store of all major browsers very seriously. Our entire company’s sole focus is—and has been for more than two decades—to do everything in our power to deliver digital trust to our customers that enables them to safely communicate, engage, and transact across the breadth of the connected world.

How we earn your trust


Compliance for all

DigiCert employs a proactive and data-driven approach to compliance—and even offers its technology freely to help other organizations do the same, including its recent open-source release of PKIlint, an automated certificate linter that enables users to rapidly check certificates for errors and compliance issues.


Global standards and governance

Without a globally accepted body of standards, there is no core foundation for trust. We adhere to all the requirements of the CA/Browser Forum for the issuance and management of certificates.


Leading by example

We work closely with the CA/Browser Forum and leading standards organizations. We also actively participate and lead on numerous boards and initiatives. That’s because we see active leadership as the most effective means to continuously improve the security and dependability of security technologies and embody our mission to deliver digital trust in the real world.

Need assistance navigating your migration from Entrust?

Our experts can help ensure you make the transition without disruption or costly outages. Reach out today.


Related resources

BLOG

The Entrust distrust: Key takeaways for CAs and organizations

BLOG

Why Compliance is the Foundation of Digital Trust

BLOG

DigiCert Releases Innovative Automated Testing Tool for Digital Certificates

BLOG

What is a CA's role in delivering digital trust?

Video

What is digital trust?

Datasheet

Certificate management for TLS best practices

The Entrust distrust
webinar

What happened, what it means and what steps to take

We helped thousands navigate the Symantec distrust in 2018. Join us for an experience-backed roadmap to avoiding disruption from the Entrust distrust.

FAQ

When will my Entrust certificates be distrusted by Google Chrome?

Public TLS certificates issued from Entrust roots with a Signed Certificate Timestamp (SCT) dated after October 31, 2024, will not be trusted by Google Chrome after October 31, 2024.

Any TLS certificate with an SCT dated before October 31, 2024, will be valid for its term.

When should I start replacing my current Entrust certificates?

We recommend customers start planning their replacement strategy as soon as possible to get an accurate inventory of their certificates with their corresponding expiry date, assess the risk profile of the associated service, and plan the replacement process. Here are the top 4 things you should do today.

How can I determine if we are using Entrust certificates in our environment?

A variety of tools can connect to your infrastructure to scan and discover certificates in your environment. DigiCert Trust Lifecycle Manager (TLM) and DigiCert CertCentral can evaluate your environment to identify any Entrust certificates in need of replacement. Contact us if you need help with this.

How long will it take to get new certificates?

Getting new certificates can be done very quickly; however, you will need to be responsive and quick to work with us. We will need to validate your domain, which takes seconds, and then validate your organization, which can be done in minutes. The entire process of getting your new certificates can be completed very quickly.

After this initial organization validation is done, future certificates will not need to go through this process until their validation expires—according to industry guidelines—which means subsequent certificate requests will be even quicker.

How can we trust that DigiCert will not have a similar distrust problem?

There are three things that distinguish DigiCert and its certificate authority business. First, we have well-defined processes that we follow diligently, and we use tools like PKIlint that we’ve developed to help mitigate issues. Second, we work closely with the CA/Browser Forum to respond to issues quickly and transparently; when issues arise, we work quickly to solve them. Finally, we are an active participant with the standards bodies, ensuring that we not only comply with standards but help evolve them for the benefit of the industry.