Story image

Symantec urges customers to replace SSL/TLS certificates before deadline

11 Oct 2017

Symantec has revealed some of the details surrounding DigiCert’s acquisition of the company’s website security and PKI solutions, and what it means for customers.

The acquisition was announced in August and will see DigiCert pay approximately $950 million in cash for Symantec’s solutions, while Symantec will receive 30% common stock equity of DigiCert’s business. The transaction is expected to be completed in 2018.

According to a blog posted by Symantec last week, the acquisition means there are more opportunities to benefit from a company whose sole purpose is to deliver identity, encryption and technology platforms.

Symantec has been preparing its PKI and certificate-signing business for the handover, and to comply with Google’s plan to replace Symantec-issued TLS server certificates. Mozilla aims to follow Google’s timeline.

“Transitioning our Website Security and related PKI solutions to DigiCert allows us to sharpen our enterprise focus on delivering unparalleled protection for the cloud generation through Symantec's Integrated Cyber Defense Platform,” comments Symantec’s CEO Greg Clark.

From December 1, 2017, all Symantec SSL/TLS certificates must be issued from a new PKI infrastructure. This is so that Google Chrome will trust all new certificates.

From March 15, 2018, Chrome will start to warn users that sites signed with SSL/TLS certificates were dated before June 1, 2016. While this will not impact encryption, it will present visitors with a disruptive message when using Chrome.

From September 13, 2018, Chrome will warn users about sites secured with SSL/TLS certificates issued by Symantec’s current PKI infrastructure. Again this will not affect encryption but will disrupt the visitor experience.

“DigiCert is committed to providing the market with innovative products, the highest level of trust, and experienced leadership in the SSL and PKI community. We are excited about the opportunities ahead, and will work toward a smooth transition for customers and employees of Symantec’s Website Security business,” comments DigiCert CEO John Merrill.

Symantec says that it will work with customers whose certificates were issued before June 1, 2016 and must be replaced by March 15, 2018.

“For those customers who leverage Symantec Complete Website Security, Symantec Trust Center Enterprise, Thawte Certificate Center Enterprise, and GeoTrust Enterprise Security Center, DigiCert will be starting its pre-authentication efforts soon so that come December 1, 2017, any enterprise certificates (new as well as those needing replacement) will be instantly issued.  This pre-authentication effort will be done at no additional cost to you,” the blog says.

Symantec says that some of its customers will have certificates that will be reissued by DigiCert once it takes control of the PKI processes.

This is scheduled to start from December 1, 2018 which will give customers as much time as possible to reissue certificates before the September 2018 deadline.

Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.