Story image

Symantec urges customers to replace SSL/TLS certificates before deadline

11 Oct 2017

Symantec has revealed some of the details surrounding DigiCert’s acquisition of the company’s website security and PKI solutions, and what it means for customers.

The acquisition was announced in August and will see DigiCert pay approximately $950 million in cash for Symantec’s solutions, while Symantec will receive 30% common stock equity of DigiCert’s business. The transaction is expected to be completed in 2018.

According to a blog posted by Symantec last week, the acquisition means there are more opportunities to benefit from a company whose sole purpose is to deliver identity, encryption and technology platforms.

Symantec has been preparing its PKI and certificate-signing business for the handover, and to comply with Google’s plan to replace Symantec-issued TLS server certificates. Mozilla aims to follow Google’s timeline.

“Transitioning our Website Security and related PKI solutions to DigiCert allows us to sharpen our enterprise focus on delivering unparalleled protection for the cloud generation through Symantec's Integrated Cyber Defense Platform,” comments Symantec’s CEO Greg Clark.

From December 1, 2017, all Symantec SSL/TLS certificates must be issued from a new PKI infrastructure. This is so that Google Chrome will trust all new certificates.

From March 15, 2018, Chrome will start to warn users that sites signed with SSL/TLS certificates were dated before June 1, 2016. While this will not impact encryption, it will present visitors with a disruptive message when using Chrome.

From September 13, 2018, Chrome will warn users about sites secured with SSL/TLS certificates issued by Symantec’s current PKI infrastructure. Again this will not affect encryption but will disrupt the visitor experience.

“DigiCert is committed to providing the market with innovative products, the highest level of trust, and experienced leadership in the SSL and PKI community. We are excited about the opportunities ahead, and will work toward a smooth transition for customers and employees of Symantec’s Website Security business,” comments DigiCert CEO John Merrill.

Symantec says that it will work with customers whose certificates were issued before June 1, 2016 and must be replaced by March 15, 2018.

“For those customers who leverage Symantec Complete Website Security, Symantec Trust Center Enterprise, Thawte Certificate Center Enterprise, and GeoTrust Enterprise Security Center, DigiCert will be starting its pre-authentication efforts soon so that come December 1, 2017, any enterprise certificates (new as well as those needing replacement) will be instantly issued.  This pre-authentication effort will be done at no additional cost to you,” the blog says.

Symantec says that some of its customers will have certificates that will be reissued by DigiCert once it takes control of the PKI processes.

This is scheduled to start from December 1, 2018 which will give customers as much time as possible to reissue certificates before the September 2018 deadline.

Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Ensign and IronNet partner to create cyber analytics capabilities
The Singapore-based joint venture will form a Cyber Analytics Center for Excellence focused on securing regional enterprises from sophisticated cyber threats.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.