Chrome Update Will Block Entrust Certificates by November 2024

Google has announced that starting November 1, 2024, Chrome version 127 and higher will no longer trust new TLS server authentication certificates from Entrust and AffirmTrust. 

The move follows a series of reported compliance failures, unfulfilled improvement commitments and insufficient progress in addressing publicly disclosed incident reports observed over the past six years. 

According to a blog post published by Google on 27 June, website owners are advised to transition to a new publicly trusted Certification Authority (CA) before the deadline to avoid disruptions.

Certification Authorities play a crucial role in securing encrypted connections between browsers and websites, adhering to stringent security and compliance standards. 

Google said its decision underscores the importance of these standards. More specifically, the Chrome Root Program Policy mandates that CA certificates must provide value that exceeds their risk. 

“When these factors are considered in [the] aggregate and [...] against the inherent risk each publicly trusted CA poses to the Internet ecosystem, it is our opinion that Chrome’s continued trust in Entrust is no longer justified,” reads the blog post.

As a result of this update, after November 1, Chrome users visiting websites that present new certificates issued by Entrust or AffirmTrust will encounter security warnings.

Google said its action aims to preserve the integrity of the web ecosystem. Website operators are encouraged to review their certificates and transition to a different CA to prevent service interruptions. This change will apply to Chrome on multiple platforms, including Windows, macOS, ChromeOS, Android and Linux.

“The Entrust news is a sharp reminder of why it is so important for CAs to take their role as stewards of public trust very seriously. CAs have to hold themselves to the highest of standards, not only for the sake of their business but for all the people and businesses that depend on them,” commented Tim Callan, chief experience officer at Sectigo, an Arizona-based provider of certificate lifecycle management (CLM) solutions.

“With a shorter life cycle timeline of 90 days looming and the implications of quantum computing also on the horizon, things aren’t getting any less complicated. It’s more important than ever that CAs and CLM providers stay at the top of their game and fully comply with CA/Browser Forum rules and baseline requirements.”
