In the culmination of an ongoing issue, Google Chrome will no longer trust certificates SSL that originate from Symantec. If you saw our recent blog post about this, you’ll know why. If not, here is a quick recap:
- Google previously announced that several security certificates issued by Symantec were questionable
- Incorrect certificates included one issued to Google itself
- The two parties disagreed on the volume of certificates affected
- Google determined certificates did not conform with CA/ Browser Forum Baseline Requirements
- The newest version of Chrome (Chrome 66 launched this month) would initiate trust decline and distrust any Symantec certificated issued before 01 June 2016
- All Symantec certificates will be distrusted from October, when Chrome 70 launches
We’ve had lots of questions from people worried that their site might be affected by this issue so, we wanted to share an easy way that you can check whether or not you need to get a new SSL certificate from a different provider. If your site is one of those using a Symantec certificate and you don’t get a new one, visitors will see a ‘not secure’ warning when they attempt to access your domain in Chrome. They will be urged to return to safety, meaning your web traffic and online sales will take a hit.
Here’s what to do:
- Open a Chrome browser window and go to your website
- Hit F12,
- Once the dialogue box opens, use the top tab (left hand side) to navigate to “Console”. You may need to hit “ctrl + F5”.
- The upper most text box will indicate whether the certificate is valid or not post changes
So what does this mean? Simply put, visitors to your site will be shown a warning if they use Chrome which erodes trust in your own brand.
Go to go to Chrome Canary – this will tell you what certificate your site uses and if there is an issue with it.
We are working with Google to get confirmation on the scale of the impact that the reclassification will have on AdWords and quality scores and will be monitoring this through our reviews however it is possible that those without a valid SSL could be prevented from advertising on AdWords. It’s also likely SEO rankings will be affected.