Google has announced that it will begin blocking websites that use Entrust certificates in its Chrome browser starting around November 1, 2024, citing compliance violations and the certificate authority’s failure to address security issues in a timely manner.
“Over the past few years, Incident Report Emphasized Patterns of concerning behavior Entrust’s services have failed to meet these expectations, undermining confidence in its competence, reliability and integrity as a publicly trusted service provider. [certificate authority] “Owner,” Google’s Chrome Security Team Said.
As such, the tech giant said it will not trust Entrust’s TLS server authentication certificates by default in Chrome browser version 127 and later, although it said Chrome users and enterprise customers will be able to override these settings if they wish.
Google further noted that certificate authorities play a privileged and trusted role in ensuring encrypted connections between browsers and websites, and that Entrust’s lack of progress in publicly disclosing incident reports and unfulfilled promises of improvements pose risks to the internet ecosystem.
The block will apply to Windows, macOS, ChromeOS, Android, and Linux versions of the browser, with a notable exception for Chrome on iOS and iPadOS, which will be blocked due to Apple policy. Chrome Root Store Prevent it from being used.
As a result, when you visit a website that offers a certificate issued by Entrust or AffirmTrust, Interstitial Messages It warns you that your connection is not secure or private.
Affected website operators are being urged to transition to a publicly trusted certificate authority holder by October 31, 2024, to minimize disruption. According to Entrust’s website, its solutions are used by Microsoft, Mastercard, VISA, VMware, and others.
“Website operators can delay the impact of the blocking by choosing to collect and install new TLS certificates issued by Entrust before Chrome’s blocking begins on November 1, 2024, but website operators will necessarily need to collect and install a new TLS certificate from one of the many other CAs included in the Chrome Root Store,” Google said.