Tens of thousands of websites are going to find themselves labelled as unsafe unless they switch out their HTTPS certificate in the next two months.
Thanks to a decision in September by Google to stop trusting Symantec-issued SSL/TLS certs, from mid-April Chrome browser users visiting websites using a certificate from the security biz issued before June 1, 2016, or after December 1, 2017 will be warned that their connection is not private and someone may be trying to steal their information. They will have to click past the warning to get to the website.
The change will come in build 66 of Chrome – due for public release on April 17 – and the problem will get even bigger on October 23 when build 70 is released and all Symantec certificates will be listed as not being trustworthy.
Of course, not everyone uses Chrome and not everyone will instantly upgrade to the latest version, but it’s safe to say that it will become a very big headache very quickly for those sites that haven’t obtained new HTTPS certs from other authorities.
The question is: how big a headache? Early beta testers of the Chrome build have been warning that they keep coming across websites with untrusted certificates and seeing the danger message. Fortunately, one person has gone to the trouble of running a script to figure quite how ugly it’s going to get.
Well, melee. Dust-up? Minor inconvenience? But it’s coming!!
Read more from the source: Beware the looming Google Chrome HTTPS certificate apocalypse! • The Register