Symantec Corporation Certificate Validation Change

Symantec Corporation has been issuing SSL certificates without proper validation. As a result, Google's Chrome browser will no longer trust all SSL certificates issued by Symantec brands (Symantec, GeoTrust, Thawte and RapidSSL). This includes the removal of the green browser address bar, which is the primary visual indicator of EV (Extended Validation) SSL certificates. With Google's decision, Mozilla Firefox and other browsers are also considering removing trust for Symantec SSL certificates. 

Symantec and Google have agreed on a plan to retire old certificates and replace them with new ones, that are properly validated by the Certificate Authority. Moreover, with DigiCert's acquisition of Symantec's Website Security Business, the responsibility of swapping invalid Symantec branded SSL certificates with valid ones has been with DigiCert since December 1, 2017. Replacement Symantec certificates issued by DigiCert will now be included in the chain of trust by the Chrome browser and will not be affected by Google's decision.  Keep in mind, Symantec branded certificates (Symantec, GeoTrust, Thawte and RapidSSL) issued prior to the DigiCert acquisition, if not replaced, will stop working on Chrome browsers in the coming months.

What does this mean for customers with Symantec certificates?

The removal of trust from old Symantec branded certificates.  Trust will be removed in two phases depending on when a SSL certificate was originally issued. 

Phase One (by March 15, 2018):

This affects certificates that were issued before June 1, 2016. These certificates will no longer be trusted by the Chrome browser on March 15, 2018. Certificates that expire before March 15, 2018, will not be affected, as these certificates will continue to work until their expiration date. Customers with certificates that expire after March 15, 2018, must request a certificate reissue (free of charge) to obtain a valid replacement certificate (see URLs to request a reissue).

Phase Two (by September 13, 2018):

This affects certificates that were issued after June 1, 2016, but before December 1, 2017. On September 13, 2018, these certificates will no longer be trusted by the Chrome browser. Certificates that expire before September 13, 2018, will not be affected. Customers with certificates that expire after September 13, 2018, must request a certificate reissue (free of charge) to obtain a valid replacement certificate (see URLs to request a reissue).

Where to go to request a reissue:

• • Symantec - https://products.websecurity.symantec.com/orders/orderinformation/authentication.do
  • GeoTrust / RapidSSL - https://products.geotrust.com/orders/orderinformation/authentication.do
  • Thawte - https://products.thawte.com/orders/orderinformation/authentication.do

HEXONET will be sending out an e-mail directly to all customers affected by these changes.

Please contact [email protected] with any questions regarding the reissue process of Symantec certificates or for assistance in updating your account.