Menu
Google to revoke trust in a Symantec root certificate

Google to revoke trust in a Symantec root certificate

Website owners and developers who have certificates linked to the soon-to-be-retired CA should get new ones

Very soon, the Android OS, Chrome browser and other Google products will stop trusting all digital certificates that are linked to a 20-year-old Verisign root certificate.

The announcement comes after Symantec unveiled plans to retire the Class 3 Public Primary Certification Authority from public use. This is a widely trusted CA that it acquired along with Verisign's SSL business in 2010.

In an alert, the company said that as of Dec. 1, it no longer was using the root certificate, which is trusted by default in most browsers and operating systems, to issue TLS/SSL or code signing certificates.

The company advises owners of digital certificates that chain back to the Class 3 Public Primary CA to obtain new ones that link back to a more modern root. Such replacement certificates are available for free.

According to Google, Symantec will not completely kill off the Class 3 Public Primary CA root and intends to use it for new, unspecified purposes. Because of this, the browser maker cannot guarantee that non-public certificates issued under this root in the future won't be used to "intercept, disrupt, or impersonate the secure communication of Google’s products or users."

"As Symantec is unwilling to specify the new purposes for these certificates, and as they are aware of the risk to Google’s users, they have requested that Google take preventative action by removing and distrusting this root certificate," said Ryan Sleevi, a Google software engineer, in a blog post.

The company will remove two versions of the Class 3 Public Primary CA certificate from its products' trust lists. One version is signed with SHA-1, a hashing algorithm that is in the process of being phased out, and one is signed with MD2, an even older hashing function. Both versions were issued in 1996 and are set to expire in 2028.

According to Google, Symantec doesn't believe that any of its customers who operate HTTPS websites, or their users, will be impacted. However, in its own advisory Symantec acknowledges that users might receive errors in the future if they try to access websites whose certificates chain back to the distrusted root.

This might also happen with signed applications if OS makers also start removing the Class 3 Public Primary CA certificate from their trust lists. Therefore developers should also change their certificates if their chain back to this root and re-sign their code.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments