What's the SSL Apocalypse and How Can You Avoid It?
Starting on April 17, Chrome users attempting to visit HTTPS URLs using Symantec certificates will see Google’s unsecure website warning page.
With the release of build 66, Google Chrome will no longer trust SSL/TLS certificates issued by Symantec before June 1, 2016 or after December 1, 2017. This includes certificates that rely on Symantec issued by Thawte, GeoTrust and RapidSSL.
Google will no longer trust any certificates with Symantec roots with Chrome 70, slated for release in October 2018.
Will This Impact Your Site?
It’s impossible for us to say if this will impact your website, since we don’t know who issues your certificate. However, WooRank subscribers should have received, or will very soon receive, a notification that they will be impacted by this change on April 17.
If you receive a notification from WooRank, purchase a new certificate, or get a free one, as soon as possible!
Not a WooRank member? No problem!
You can check yourself if you’ve got a certificate from Symantec, Thawte, GeoTrust or RapidSSL.
How to Check Your SSL/TLS Certificate
If, for some reason, don’t know who issued your certificate or if you’re working on someone else’s website, checking the provider is pretty easy.
Just head to your website (homepage is fine) and click on "Secure" or padlock icon that appears next to the URL in the browser:
Click the "Valid" link that appears below “Certificate”:
This will bring up a small pop-up window that contains the information about the site’s certificate:
In our case, WooRank’s certificate is issued by GoDaddy, so no issues here for us.
Why Is This Happening?
Google announced it would stop trusting Symantec after it came out that Symantec had misissued certificates. Symantec has said it wrongly issued 127 certificates, while others have claimed as many as 30,000 certificates.
As a result of this kerfuffle, Symantec sold off its certification business to DigiCert.
However, Google has decided it’s not going to trust any certificates issued by Symantec’s infrastructure before DigiCert took over (December 2017).
It’s Now or Never
Google first announced its intention to stop trusting Symantec certification on its blog way back in September 2017. So this has been a while coming.
While this can have a potentially scary impact if you’re caught unprepared on April 17, if you update your SSL/TSL certificate before that date, you’ll be fine.