Story image

Symantec urges customers to replace SSL/TLS certificates before deadline

11 Oct 2017

Symantec has revealed some of the details surrounding DigiCert’s acquisition of the company’s website security and PKI solutions, and what it means for customers.

The acquisition was announced in August and will see DigiCert pay approximately $950 million in cash for Symantec’s solutions, while Symantec will receive 30% common stock equity of DigiCert’s business. The transaction is expected to be completed in 2018.

According to a blog posted by Symantec last week, the acquisition means there are more opportunities to benefit from a company whose sole purpose is to deliver identity, encryption and technology platforms.

Symantec has been preparing its PKI and certificate-signing business for the handover, and to comply with Google’s plan to replace Symantec-issued TLS server certificates. Mozilla aims to follow Google’s timeline.

“Transitioning our Website Security and related PKI solutions to DigiCert allows us to sharpen our enterprise focus on delivering unparalleled protection for the cloud generation through Symantec's Integrated Cyber Defense Platform,” comments Symantec’s CEO Greg Clark.

From December 1, 2017, all Symantec SSL/TLS certificates must be issued from a new PKI infrastructure. This is so that Google Chrome will trust all new certificates.

From March 15, 2018, Chrome will start to warn users that sites signed with SSL/TLS certificates were dated before June 1, 2016. While this will not impact encryption, it will present visitors with a disruptive message when using Chrome.

From September 13, 2018, Chrome will warn users about sites secured with SSL/TLS certificates issued by Symantec’s current PKI infrastructure. Again this will not affect encryption but will disrupt the visitor experience.

“DigiCert is committed to providing the market with innovative products, the highest level of trust, and experienced leadership in the SSL and PKI community. We are excited about the opportunities ahead, and will work toward a smooth transition for customers and employees of Symantec’s Website Security business,” comments DigiCert CEO John Merrill.

Symantec says that it will work with customers whose certificates were issued before June 1, 2016 and must be replaced by March 15, 2018.

“For those customers who leverage Symantec Complete Website Security, Symantec Trust Center Enterprise, Thawte Certificate Center Enterprise, and GeoTrust Enterprise Security Center, DigiCert will be starting its pre-authentication efforts soon so that come December 1, 2017, any enterprise certificates (new as well as those needing replacement) will be instantly issued.  This pre-authentication effort will be done at no additional cost to you,” the blog says.

Symantec says that some of its customers will have certificates that will be reissued by DigiCert once it takes control of the PKI processes.

This is scheduled to start from December 1, 2018 which will give customers as much time as possible to reissue certificates before the September 2018 deadline.

Survey: IT pros nostalgic over on-prem data centre visibility
There are significant security and monitoring challenges faced by IT staff responsible for managing public and private cloud deployments.
61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
SIS announces a partnership with Platform 4
“We are looking forward to a strong future in the New Zealand security industry with this global giant as our strategic partner."
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.