Chrome’s Plan to Distrust Symantec Certificates

Hi All,

I had a quick scan but it seems that this is not a topic yet. I inspect my site and saw the following warning in the console:
(index):1 The SSL certificate used to load resources from https://api.webtest.net will be distrusted in M70. Once distrusted, users will be prevented from loading these resources. See https://g.co/chrome/symantecpkicerts for more information.

But on the Chrome page it only refers to Symantec. Will this be an issue for us using Let’s Encrypt?

The Chrome page (and more specifically, the Google security blog you link to) are very specific about why they're doing this with Symantec. What there says anything about Let's Encrypt or any other CA?

It will not be an issue for Let's Encrypt.

I was concerned because it seems that the warning message was specifically aimed at my certificate.

https://api.webtest.net/ isn’t using a Let’s Encrypt certificate.

It’s not a topic because it is irrelevant.

Chrome and Mozilla are distrusting Symantec certificates because Symantec had severe and repeated flaws in their issuance procedures that undermined web security. There has been a yearlong, fully transparent, public process to removing them from the web. No other CAs are affected.

Your website is running a Symantec certificate, which (based on the ‘not before’ date) looks like it will be distrusted starting September. I would move to LetsEncrypt now though, so you have plenty of buffer time for working out any kinks in your deployment systems.

@TungstenX is https://api.webtest.net/ your website? Or are you just referencing some resources from there?

Thank you for the response. But my site isn’t running a Symantec certificate - it is in fact running a Let’s Encrypt cert: https://paranoidandroid.co.za/

(When you inspect the page, you’ll see in the console the warning)

I can’t remember if I ever linked to https://api.webtest.net, maybe Joomla is referencing it?

It seems that I get this warning for all sites I’m visiting o.O (Even this page)

then you’re fine. your post listed api webtest netinstead.

Maybe it’s a browser extension? EDIT: probably this one? If so it’s their problem, not yours. (Although if a browser extension is making requests to a remote server for every website you visit and you weren’t aware of it, you might want to reconsider having it installed…)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.