Google Chrome to Block Entrust Certificates Starting November 2024

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...
Google To Revoke Entrust Digital Certs

Google has recently shared that its Chrome web browser will now block web destinations relying on certificates from Entrust starting from approximately November 1, 2024.

This action has been taken following several years of Entrust non-compliance and security challenges that the company has not been able to handle well.

As reported by Google Chrome’s security team, these problems have undermined trust in Entrust in terms of expertise, dependability, and propriety as a CA.

Background and Rationale

In the last few years, the publicly available Incident Reports reveal the trend of behavior that raises concern about Entrust.

These incidents, combined with Entrust’s lack of momentum in rectifying these issues, have forced Google to determine that Entrust has failed to uphold the standards necessary for a publicly trusted CA.

“We’re not prepared to waive these values,” the Chrome security team explained, stressing that security has to be uncompromising.

Impact on Chrome Users and Website Operators

With Chrome 127, TLS server authentication certificates issued by Entrust will not be recognized as valid on Windows, Mac OS X, Chrome OS, Android, and Linux builds of this browser.

This means that users who happen to visit websites with certificates issued by Entrust will be confronted with an interstitial message stating that the connection that they are about to make is not secure and private.

There are two notable exceptions: Chrome on iOS and iPadOS because Apple does not allow the use of Chrome Root Store.

For website operators, this move requires action to be taken to ensure services do not get affected. Google has requested the affected operators switch to another publicly-trusted CA owner by October 31, 2024.

Operators are able to postpone the problem by buying a new TLS certificate in Entrust before November 1st, which Google notes as only a temporary solution. Finally, operators will need to obtain new certificates from other CAs located in the Chrome Root Store.

Responses from Entrust and Mozilla

There has been discontent from Entrust following this move by Google. An Executive with Entrust clarified that the company is fully committed to the business of selling public TLS certificates and affirmed that efforts were underway to announce this.

Finally, the spokesperson was keen to note that Chrome Root Program’s action does not extend to their Verified Mark Certificates, code-signing, digital signing, or private certificates.

Google, for instance, is not the only browser entity to have raised concerns about Entrust. Similarly, Mozilla, the software company behind the Firefox browser, has criticized Entrust for managing security breaches inadequately.

Concerns stemming from this prompted Entrust to issue an elaborate response on June 7, announcing measures to attend to the concerns raised.

Swaroop, president of Entrust’s digital security solutions division, admitted shortcomings in communication and reporting and pledged organizational and cultural remedial measures.

Guidance for Users and Enterprises

Google has given hints to Chrome users and businesses who might require compatibility with Entrust certificates. Despite default trust, clients will be able to manually trust a root certificate through, for instance, the GPO interface on Windows.

This lets the user and the enterprises be able to bypass the default limitations and go on with using the Entrust certificates if needed.

Conclusion

This is a new form of advancement in what Google has been striving to achieve in terms of protecting the privacy and security of users.

In view of this, revoking trust in Entrust certificates is part of Google’s strategy to reduce risks associated with poor responses from CAs to security issues.

Website operators using the Entrust certificates need to immediately migrate to other reputable CAs in order to prevent service disruptions and provide safe connections for their users.

There is a clear path to migrating to DigiCert Premium SSL/TLS solutions, known for their protection capabilities and compatibility with high-level standards. It will prevent the possibility of disrupting browser experiences and make browsers less secure for all users.

DigiCert SSL/TLS Certificate Starts at Just $ 205.99 – Get the Highest Level of Trust and Make Your Brand More Trustable!

Janki Mehta

Janki Mehta

Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.