- Jun 9, 2013
- 6,720
Google will distrust all existing Symantec SSL certificates starting with October 2018, and Symantec will have to rebuild its entire certificate issuance infrastructure from scratch if it wants to remain in the CA (Certificate Authority) business.
This is the final ruling in an investigation into Symantec's shady SSL issuance practices started by Google and Mozilla engineers.
Investigators discovered last year that Symantec broke industry rules agreed on by the CA/B Forum, the authority that governs the procedures for issuing SSL certificates that are used to support HTTPS encrypted traffic.
Symantec punished for misissuing 30,000 SSL certs
In March 2017, Google and Mozilla engineers found that Symantec misissued 127 SSL certificates, but as the investigation progressed this initial estimation grew to a whopping figure of over 30,000 certs.
The number shocked industry experts. Because Symantec was the one of the largest CA on the market, few dared to react. The first one to show its displeasure with Symantec's SSL issuance procedures was Google, who a few days later after the discovery announced an intention to gradually remove support for Symantec certificates in Chrome.
While Mozilla, Microsoft, or Apple never spoke on the Symantec issue, they were also displeased with the CA but allowed Google to spearhead the investigation, which dragged on for months.
Full Article. Google Outlines SSL Apocalypse for Symantec Certificates
This is the final ruling in an investigation into Symantec's shady SSL issuance practices started by Google and Mozilla engineers.
Investigators discovered last year that Symantec broke industry rules agreed on by the CA/B Forum, the authority that governs the procedures for issuing SSL certificates that are used to support HTTPS encrypted traffic.
Symantec punished for misissuing 30,000 SSL certs
In March 2017, Google and Mozilla engineers found that Symantec misissued 127 SSL certificates, but as the investigation progressed this initial estimation grew to a whopping figure of over 30,000 certs.
The number shocked industry experts. Because Symantec was the one of the largest CA on the market, few dared to react. The first one to show its displeasure with Symantec's SSL issuance procedures was Google, who a few days later after the discovery announced an intention to gradually remove support for Symantec certificates in Chrome.
While Mozilla, Microsoft, or Apple never spoke on the Symantec issue, they were also displeased with the CA but allowed Google to spearhead the investigation, which dragged on for months.
Full Article. Google Outlines SSL Apocalypse for Symantec Certificates
