Google Tightens Digital Certificate Security, Drops Entrust and AffirmTrust

Google Tightens Digital Certificate Security, Drops Entrust and AffirmTrust
Google revokes trust in digital certificates issued by Entrust and AffirmTrust due to security concerns, urging websites to switch to trusted CAs to ensure user safety.

Google announced today a significant change to its Chrome browser’s security protocols, revoking trust in digital certificates issued by Entrust and AffirmTrust. This decision stems from the Certificate Authorities’ (CAs) repeated failure to meet security standards, posing potential risks to user data and online safety.

Digital certificates are essential to internet security, acting as the online equivalent of passports for websites. They verify a site’s identity and encrypt data to protect it from prying eyes. However, when a CA fails to uphold rigorous security standards, the certificates they issue can be compromised, potentially leading to data breaches and other cyber threats.

Google’s decision to distrust Entrust and AffirmTrust comes after a pattern of unmet improvement commitments, compliance failures, and slow responses to publicly disclosed security incidents. This move underscores Google’s commitment to maintaining a high level of security for Chrome users.

Starting from October 31, 2024, Chrome users who update to version 127 or later will see warnings when visiting sites secured by certificates issued by Entrust or AffirmTrust. The warnings will highlight that the connection is not trusted, and users will encounter an error message (ERR_CERT_AUTHORITY_INVALID) when attempting to access these sites.

Major websites that currently rely on Entrust include Merrill Lynch, MoneyGram, and Ernst & Young. Google strongly advises these sites and others in a similar situation to switch to a different, publicly trusted CA as soon as possible to avoid disruptions and ensure the continued security of their users’ data.

While this move may seem drastic, it’s not unprecedented. In 2015, Google issued a similar ultimatum to Symantec due to the unauthorized issuance of HTTPS certificates. This latest action reiterates Google’s proactive stance in upholding internet security standards.

Chrome users can easily check the validity of a site’s certificate by clicking on the “lock” icon next to the address bar. If the certificate is issued by Entrust or AffirmTrust, users should exercise caution and consider using an alternative browser or waiting until the site switches to a trusted CA.

For enterprise users, Google will provide an option to continue trusting Entrust certificates, acknowledging that some organizations may have unique security requirements or constraints.

Google’s decision to revoke trust in Entrust and AffirmTrust certificates is a significant development in the ongoing battle for internet security. It serves as a stern warning to CAs to adhere to the highest security standards to maintain the trust of browser vendors and users alike.

Tags

About the author

Sovan Mandal

Sovan, with a Journalism degree from the University of Calcutta and 10 years of experience, ensures high-quality tech content. His editorial precision has contributed to the publication's acclaimed standards and consistent media mentions for quality reporting. Sovan’s dedication and attention to detail have greatly contributed to the consistency and excellence of our content, reinforcing our commitment to delivering the best to our readers.

Add Comment

Click here to post a comment

Follow Us on Social Media

Web Stories

5 Best Smartphones Under 30,000 in India 2024 5 Best Offline Games to Enjoy Without an Internet Connection 5 Best 5G Phones Under ₹20,000 You Can Buy Right Now Top 5 OTT Releases This Week (Oct 21-27): Zwigato, Hellbound Season 2 & More Streaming Now 5 Best Camera Phones Under ₹60,000 in October 2024 Top 4 Noise Cancelling Headphones Under 40000 in October 2024