Will you need to replace your SSL?

As of the day after tomorrow, your site may generate errors to visitors as soon as they reach a secure page.

That’s because GeoTrust and Symantec SSLs are about to become untrusted in browsers, unless the company does some very drastic things. Which they might… so if there’s no problem, great. (Read Chrome’s article here.)

It turns out that, per the articles I’ve read, Chrome found out – by running into untrustworthy sites that had been issued certificates – that Symantec was a little too loose and fast with issuance, with some issuing authorities getting slipshod about actually doing the legwork they’re getting paid to do, or were allowing other companies to issue their certificates that didn’t do the legwork (by legwork I mean actually verifying that the cert requester was who and what they said they were), just issued without checking. So the Chrome browser folks decided to no longer trust them. And that’s a big part of the overall population of SSLs out there.

It’s critically important, from an “actual web security” standpoint, that SSLs are trustworthy and real. And that those who have been granted them actually do deserve them. Since a few bad apples got into the system, it spoiled the bunch from the browser perspective. Which means lots of work for us.

So, the way to verify whether or not you’ll need to replace your certificate is to head to a secure page of your site with the web developer tools app enabled in Chrome, and read through the console’s error messages. If you get a message, we recommend switching to Comodo or some other unaffected brand of certificate pronto. Or switch to using Cloudflare premium and their SSL option.

I offer a service to check and replace SSLs, but currently I’m limiting that to current and former clients.

 


 

Update: May have been resolved?

Leave a Comment

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.