Google Chrome To Block Sites With Entrust Web Certificates

Google has announced that, starting November 1, 2024, its Chrome browser will block websites using TLS certificates from Entrust.

Understanding TLS Certificates

Transport Layer Security (TLS) certificates are crucial for securing online communications. They let a browser authenticate a website and set up an encrypted connection to it, ensuring that sensitive information like passwords and credit card numbers remains confidential. Certificate authorities (CAs) issue these certificates after verifying the legitimacy of the websites that request them.

What Is Happening?

Google has announced that, starting November 1, 2024, its Chrome browser will block websites using TLS certificates from Entrust. This decision follows Entrust's repeated failures to meet compliance standards and address security issues promptly.

Google's Statement

According to Google’s Chrome security team, a series of publicly disclosed incidents revealed behaviors by Entrust that undermine trust in its competence and reliability as a CA. As a result, Google will no longer trust TLS server authentication certificates from Entrust in Chrome versions 127 and higher by default. However, users and enterprise customers can choose to override these settings if needed.

Impact on Devices

The blocking will apply to Chrome on Windows, macOS, ChromeOS, Android, and Linux. However, Chrome on iOS and iPadOS will not be affected due to Apple's policies that restrict the use of the Chrome Root Store.

Why Does This Matter?

CAs like Entrust play a critical role in maintaining secure, encrypted connections on the internet. When a CA fails to respond adequately to security issues, it poses risks to the entire internet ecosystem. Google's action aims to safeguard users from potential vulnerabilities associated with Entrust's certificates.

Who Is at Risk?

Website Operators

Operators of websites using Entrust or AffirmTrust certificates are at risk of having their sites blocked by Chrome, resulting in warnings that the connection is not secure. Major companies like Microsoft, Mastercard, VISA, and VMware, which use Entrust solutions, could be significantly affected.

Users

Users attempting to access affected websites will encounter warnings about insecure connections, which may deter them from proceeding. This can disrupt their online experience and compromise their data security.

How to Protect Yourself

For Website Operators

  1. Switch to a Trusted CA: Move to another publicly trusted CA before October 31, 2024, to avoid disruptions. Google provides a list of trusted CAs in the Chrome Root Store.

  2. Install New TLS Certificates: Even if operators delay the impact by obtaining a new certificate from Entrust before the deadline, they will ultimately need to switch to a different CA to ensure continued trust in Chrome.

  3. Monitor Updates: Stay informed about further announcements from Google and other browser vendors regarding CA trust decisions.
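To support the steps above, here is an added example (not from the original article or from Google) that triages a certificate inventory into "ok", "delayed" and "blocked" using the issuer names and dates the article gives. It assumes certificates in Python's `ssl.getpeercert()` dict format, treats a match on the leaf certificate's issuer organization as a heuristic for "issued by Entrust or AffirmTrust", and uses `notBefore` as a stand-in for the issuance date; the sample hosts and issuers are constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

FLAGGED_ISSUERS = ("entrust", "affirmtrust")  # issuer names from the article
BLOCK_START = datetime(2024, 11, 1, tzinfo=timezone.utc)  # article's start date

def issuer_org(cert):
    """Issuer organizationName from an ssl.getpeercert()-style dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""

def classify(cert):
    """Return 'ok', 'delayed' (still needs a new CA) or 'blocked'."""
    org = issuer_org(cert).lower()
    if not any(name in org for name in FLAGGED_ISSUERS):
        return "ok"
    # Assumption: notBefore stands in for the issuance date.
    issued = ssl.cert_time_to_seconds(cert["notBefore"])
    return "blocked" if issued >= BLOCK_START.timestamp() else "delayed"

def fetch_cert(host, port=443, timeout=5):
    """Fetch a live server's leaf certificate (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def make_cert(org, not_before):
    """Build a minimal getpeercert()-style dict for the sample data."""
    return {"issuer": ((("countryName", "US"),), (("organizationName", org),)),
            "notBefore": not_before}

# Constructed sample inventory (hypothetical hosts and issuers).
SAMPLE_INVENTORY = {
    "shop.example.test": make_cert("Entrust, Inc.", "Jun 10 00:00:00 2024 GMT"),
    "api.example.test": make_cert("Entrust, Inc.", "Nov 15 00:00:00 2024 GMT"),
    "pay.example.test": make_cert("AffirmTrust", "Dec  2 12:00:00 2024 GMT"),
    "www.example.test": make_cert("Example Trust Services", "Nov 20 00:00:00 2024 GMT"),
}

def triage(inventory):
    return {host: classify(cert) for host, cert in inventory.items()}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:20} {status}")
```

For a live check, pass `fetch_cert("your.host.name")` to `classify`; hosts reported as "delayed" still need a certificate from a different CA at their next renewal.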

For Users

  1. Stay Informed: Be aware of the potential security warnings when visiting websites, especially after November 1, 2024.

  2. Check Security Alerts: If you receive a warning about a website's security certificate, consider whether you trust the site before proceeding.

  3. Use Updated Browsers: Ensure your browser is up to date to benefit from the latest security features and protections.

Conclusion

Google's decision to block Entrust certificates in Chrome underscores the importance of maintaining rigorous security standards for CAs. By understanding the implications and taking proactive measures, both website operators and users can protect themselves from potential risks associated with insecure connections.

As the deadline approaches, affected parties must act promptly to ensure their online security and maintain user trust. For a seamless browsing experience, it's crucial to stay informed and prepared for these changes.