Wordfence releases a PSA – Replacing SSL and TLS by certain providers
On March 12, 2018 Wordfence Security released a public service anouncement about replacing
Your SSL/TLS Certs by Symantec, Thawte, VeriSign, Equifax, GeoTrust and RapidSSL
What does this change mean for hosted web sites and WordPress web sites?
This will effect users of Google Chrome, which is a leading browser that your consumers maybe using and the way they will be viewing your web site that have installed these particular SSLs installed. You will have to replace these to remedy this problem. These SSLs will no longer be working. See how you can remedy this change happening.
According to Wordfence security:
Chrome 66 is ending support for Symantec certificates issued before June 1, 2016 on the following schedule:
- The ‘Canary’ release already ended support for these certificates. It was released on January 20th, 2018.
- The Beta release for Chrome 66 will be released on March 15th.
- The Stable release for Chrome 66 will be released on April 17th.
If you are running a Symantec certificate issued before June 1, 2016, and you do not replace that certificate, then from April 17th onwards this is what your site will look like to site visitors:
As you can see, the error is described as NET::ERR_CERT_SYMANTEC_LEGACY, meaning that your site is using a legacy Symantec certificate that is no longer supported.
Starting with Google Chrome version 70, all remaining Symantec certificates will stop working, including those issued after June 1, 2016. Chrome 70’s release schedule for Canary, Beta and Stable is July 20th, September 13th and October 16th respectively.
To check if your certificate will be affected by this change, you can visit this page and enter your website’s hostname in the form provided: https://www.websecurity.symantec.com/support/ssl-checker.
If your site will have an issue, the page should give you a warning. Make sure you just enter the hostname and remove the https:// prefix and the ending slash.
An alternative way to check if your website will have a problem is to download Chrome’s bleeding edge ‘canary’ version and visit your website. Then check the DevTools in Chrome for any warning message regarding your SSL/TLS certificate.
You can find more info on the official Google Security Blog.
Please help spread the word so that site owners are not caught by surprise when this change goes live next month.
To keep up with all of the latest in security releases and announcements, subscribe for notifications on Secure Hosting WP or follow the information on the official Wordfence blog if you are using Wordfence to help secure your site.