If you have many certificates to replace or other complex technical or business requirements, please contact our team to discuss the best migration path for your organization. ¶ºÒõ¹Ý offers a wide variety of trusted digital certificates, PKI services, and certificate lifecycle management.
Public TLS/SSL certificates issued from Entrust roots will not be trusted by Google Chrome if the Signed Certificate Timestamp (SCT) is dated after November 11, 2024, and by Mozilla if the SCT is dated after November 30, 2024.
We understand this incident is a business disruption for affected organizations.
As a global leader in globally trusted public and private trust solutions, we are committed to helping you maintain critical operations and ensure business continuity during the transition from Entrust—and beyond.
Our experts can help ensure you make the transition without disruption or costly outages. Reach out today.
We helped thousands navigate the Symantec distrust in 2018. Join us for an experience-backed roadmap to avoiding disruption from the Entrust distrust.
The Entrust distrust: Key takeaways for CAs and organizations
Why Compliance is the Foundation of Digital Trust
¶ºÒõ¹Ý Releases Innovative Automated Testing Tool for Digital Certificates
What is a CA's role in delivering digital trust?
What is digital trust?
Certificate management for TLS best practices
Why did Google decide to distrust Entrust roots?
When will my Entrust certificates be distrusted?
When should I start replacing my current Entrust certificates?
How can I determine if we are using Entrust certificates in our environment?
Why did Google decide to distrust Entrust roots?Ìý
In , Google said:
Over the past several years, highlighted a pattern of concerning behaviors by Entrust that fall short of the above expectations, and has eroded confidence in their competence, reliability, and integrity as a publicly-trusted CA Owner.
And...
Certification Authorities (CAs) serve a privileged and trusted role on the Internet that underpin encrypted connections between browsers and websites. With this tremendous responsibility comes an expectation of adhering to reasonable and consensus-driven security and compliance expectations, including those defined by the CA/Browser TLS Baseline Requirements.
Over the past six years, we have observed a pattern of compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress in response to publicly disclosed incident reports. When these factors are considered in aggregate and considered against the inherent risk each publicly-trusted CA poses to the Internet ecosystem, it is our opinion that Chrome’s continued trust in Entrust is no longer justified.
When will my Entrust certificates be distrusted?
Starting with the November 11 stable release of Google Chrome, which all Chrome users will eventually install, public TLS certificates issued from Entrust roots with a Signed Certificate Timestamp (SCT) dated after November 11, 2024, will not be trusted by Chrome.Ìý
they would distrust Entrust roots as of December 1. Any Entrust TLS certificate with an SCT dated on or before November 30, 2024, will be valid for its term. But if you modify, rekey, or renew such a certificate on or after December 1, it will be distrusted.
Any Entrust TLS certificate with an SCT dated on or before November 11, 2024 (for Google Chrome) and November 30, 2024 (for Mozilla Firefox) will be valid for its term. But if you modify, rekey, or renew such a certificate, it will be distrusted.Ìý
When should I start replacing my current Entrust certificates?
We recommend customers start planning their replacement strategy as soon as possible, with an accurate inventory of their certificates. You may already be experiencing outages because of their distrust. This effort involves learning when each certificate will expire, assessing the risk profile of the associated service, and planning the replacement process.  Contact us today  to start your migration plan.Ìý
How can I determine if we are using Entrust certificates in our environment?
A variety of tools can connect to your infrastructure to scan and discover certificates in your environment. If you are an Entrust customer, look in your Entrust console for tools to help.Ìý
¶ºÒõ¹Ý customers can use ¶ºÒõ¹Ý® Trust Lifecycle Manager (TLM) and ¶ºÒõ¹Ý CertCentral® to evaluate their environment and identify any Entrust certificates in need of replacement. Contact us if you need help with scanning and discovery.Ìý