Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




defiant
1002 posts

Uber Geek

Lifetime subscriber

# 240977 4-Oct-2018 20:56
Send private message

So the end is near for the distrust of Symantec, and its various subsidiary CA's, SSL certs via Chrome.

 

Just FYI, I'm running Chrome beta so on version70.0.3538.45 now, getting this when browsing to secure.2degreesbroadband.co.nz

 

Click to see full size

 

Probably best to get onto this asap, as the stable release of 70 is just around the corner, more info here

 

@2degreesCare

 

cc @NickMack

 

 

 

 


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
597 posts

Ultimate Geek


  # 2101819 4-Oct-2018 21:30
3 people support this post
Send private message

If i browse to that site, it shows it as no error and a RapidSSL Cert from 19/05/2017

 

Sure its not something on your side?

 

 


'That VDSL Cat'
11028 posts

Uber Geek

Trusted
Spark
Subscriber

  # 2101825 4-Oct-2018 21:39
Send private message

 

seems to be a valid cert imo...

 

 

 

seeing this though, 

 





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


 
 
 
 


22524 posts

Uber Geek

Trusted
Subscriber

  # 2101826 4-Oct-2018 21:41
Send private message

Firefox gives me this:

 

 

 

Click to see full size





Richard rich.ms



defiant
1002 posts

Uber Geek

Lifetime subscriber

  # 2101829 4-Oct-2018 21:47
Send private message

I'm assuming you're both using Chrome 70, and that you're both aware GeoTrust and RapidSSL were owned by Symantec before being purchased by Digicert. And that you're both aware of the Google/Symantec spat.

 

Copy/paste from the Google blog:

 

We previously announced plans to deprecate Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL)

 

Chrome 70   Starting in Chrome 70, all remaining Symantec SSL/TLS certificates will stop working, resulting in a certificate error like the one shown above. To check if your certificate will be affected, visit your site in Chrome today and open up DevTools. You’ll see a message in the console telling you if you need to replace your certificate.

 

 


'That VDSL Cat'
11028 posts

Uber Geek

Trusted
Spark
Subscriber

  # 2101832 4-Oct-2018 21:50
Send private message

dfnt:

 

I'm assuming you're both using Chrome 70, and that you're both aware GeoTrust and RapidSSL were owned by Symantec before being purchased by Digicert.

 

 

Right, that explains it...

 

 





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




defiant
1002 posts

Uber Geek

Lifetime subscriber

  # 2101835 4-Oct-2018 21:52
Send private message

Chrome 70 stable isn't out till mid October, that's when the masses will start seeing the Symantec cert error on sites that haven't migrated to non Symantec issued certs


597 posts

Ultimate Geek


  # 2101836 4-Oct-2018 21:52
Send private message

Ahh, I had saw the bit about certs before 2016 being blocked but didn't realize they were going to block ALL certs from those providers

 

 


 
 
 
 




defiant
1002 posts

Uber Geek

Lifetime subscriber

  # 2101837 4-Oct-2018 21:57
Send private message

skewt:

 

Ahh, I had saw the bit about certs before 2016 being blocked but didn't realize they were going to block ALL certs from those providers

 

 

 

 

Yeah that was for Chrome 66, the final nail in the coffin will be Chrome 70 distrusting all certs that were issued by the various Symantec brands.

 

I believe all new certs under those brands are issued by Digicert now, e.g.:

 

Click to see full sizea


Mr Snotty
8875 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2101841 4-Oct-2018 22:17
One person supports this post
Send private message

@dfnt As somebody who has had to replace a tonne of Symantec certificates over the last few months I can confirm you're correct here. The certs have to be redone with the new Digicert signer.







defiant
1002 posts

Uber Geek

Lifetime subscriber

  # 2101857 4-Oct-2018 22:53
Send private message

michaelmurfy:

 

@dfnt As somebody who has had to replace a tonne of Symantec certificates over the last few months I can confirm you're correct here. The certs have to be redone with the new Digicert signer.

 

 

Working in banking I imagine there were a lot of certs to replace -_-




defiant
1002 posts

Uber Geek

Lifetime subscriber

  # 2101871 4-Oct-2018 23:07
Send private message

freitasm:

 

I can see so many sites going "Oh oh" when Chrome 70 comes out...

 

 

Yeah, it's quite amusing/sad how many are still using Symantec/and their brands SSL certs


3874 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2101872 4-Oct-2018 23:10
One person supports this post
Send private message

michaelmurfy:

 

The certs have to be redone with the new Digicert signer.

 

 

Or better yet with free Let's Encrypt, Comodo or AWS ACM certificates.. It's high time people stopped paying money for SSL certs.





Information wants to be free. The Net interprets censorship as damage and routes around it.


Mr Snotty
8875 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2101873 4-Oct-2018 23:13
Send private message

freitasm:

 

I can see so many sites going "Oh oh" when Chrome 70 comes out...

 

A month ago I was stressing a bit when one of our major sites didn't have a replacement certificate. I was going around with Google Chrome Canary doing verification when I noticed it, had to wait for the cert guys to generate a new cert and load it on the servers.

 

That was a month ago... Glad all the certs I am responsible for are now replaced ahead of schedule. But yes, I still come across quite a few sites with Symantec certs.







defiant
1002 posts

Uber Geek

Lifetime subscriber

  # 2101874 4-Oct-2018 23:16
One person supports this post
Send private message

Lias:

 

michaelmurfy:

 

The certs have to be redone with the new Digicert signer.

 

 

Or better yet with free Let's Encrypt, Comodo or AWS ACM certificates.. It's high time people stopped paying money for SSL certs.

 

 

I'm even using Let's Encrypt (wildcard cert) for all my internal devices, like EdgeRouter, Synology NAS, pihole etc using nginx as a reverse proxy to them. That way I don't have to deal with self signed cert warnings when accessing them, and I just have a singular device that the cert resides on.

 

So easy when using the Cloudflare certbot plugin, so you don't have to expose your internal services for validation


 1 | 2
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Microsoft New Zealand Partner Awards results
Posted 18-Oct-2019 10:18


Logitech introduces new Made for Google keyboard and mouse devices
Posted 16-Oct-2019 13:36


MATTR launches to accelerate decentralised identity
Posted 16-Oct-2019 10:28


Vodafone X-Squad powers up for customers
Posted 16-Oct-2019 08:15


D Link ANZ launches EXO Smart Mesh Wi Fi Routers with McAfee protection
Posted 15-Oct-2019 11:31


Major Japanese retailer partners with smart New Zealand technology IMAGR
Posted 14-Oct-2019 10:29


Ola pioneers one-time passcode feature to fight rideshare fraud
Posted 14-Oct-2019 10:24


Spark Sport new home of NZC matches from 2020
Posted 10-Oct-2019 09:59


Meet Nola, Noel Leeming's new digital employee
Posted 4-Oct-2019 08:07


Registrations for Sprout Accelerator open for 2020 season
Posted 4-Oct-2019 08:02


Teletrac Navman welcomes AI tech leader Jens Meggers as new President
Posted 4-Oct-2019 07:41


Vodafone makes voice of 4G (VoLTE) official
Posted 4-Oct-2019 07:36


2degrees Reaches Milestone of 100,000 Broadband Customers
Posted 1-Oct-2019 09:17


Nokia 1 Plus available in New Zealand from 2nd October
Posted 30-Sep-2019 17:46


Ola integrates Apple Pay as payment method in New Zealand
Posted 25-Sep-2019 09:51



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.