Chrome 70 is live as of 10-16-2018. Distrust errors may not be displayed immediately as distrust is done in stages and independent of Chrome reelease dates. Please reference the following for more information,
On September 11, 2017, Google posted a blog entitled Chrome’s Plan to Distrust Symantec Certificates.
One aspect of Google’s proposal is that starting March 15, 2018, Chrome 66 will distrust the Symantec certificates issued prior to June 1, 2016 and Chrome 70 will eventually distrust all Symantec certificates issued under the current infrastructure. Symantec expects to issue all new public SSL/TLS certificates from the new infrastructure by December 1, 2017.
Additional information can be found in the following article: Replace Your Symantec SSL/TLS Certificates
Apple announced they will be distrusting SSL/TLS certificates issued from Symantec’s legacy root certificates, which includes the Thawte, GeoTrust, and RapidSSL brands. We have given guidance on replacing these certificates for compatibility with Google Chrome and Mozilla Firefox. This new announcement from Apple imposes later deadlines, and does not require any additional action if you have already followed our previous guidance.
Apple’s newly announced distrust will occur in two stages. For simplicity, neither stage requires you to make any changes to the existing migration plan needed for compatibility with Chrome and other browsers. If you have already replaced your certificates, you do not need to replace them again. Once you have installed SSL certificates that are issued from DigiCert roots, you will be compliant with all browsers.
Apple's announcement does not require you to make any changes to the existing migration plan needed for compatibility with Chrome and other browsers. Continue to follow our guidance on meeting the Chrome timelines and your reissued certificates will work with all browsers. The only certificates to be distrusted by Apple this summer are those that you should have already replaced to comply with Chrome 66 requirements.
Apple advisory: https://support.apple.com/en-hk/HT208860
Our blog: https://www.digicert.com/blog/our-latest-symantec-distrust-guidance-apple/
We recommend that you replace these certificates based on the Chrome release schedule.
Case 1: If you have Symantec certificates issued prior to June 1, 2016 that expire before March 15, 2018, there is no action required.
Case 2: If you have Symantec certificates issued prior to June 1, 2016 that expire on or after March 15, 2018 but before September 13, 2018, you must replace them by March 15, 2018.
Case 3: If you have Symantec certificates issued prior to June 1, 2016 that expire on or after September 13, 2018, you need to replace them starting December 1, 2017 and complete by March 15, 2018.
Case 4: If you have Symantec certificates issued on or after June 1, 2016 that expire on or after September 13, 2018, you need to replace them starting December 1, 2017 and complete by September 13, 2018.
Table view of information above:
|Case||Issued||Expires||Begin to Replace||Complete Replacement by|
|1||Before June 1, 2016||Before March 15, 2018||N/A – no action required||N/A – no action required|
|2||Before June 1, 2016||On or between March 15, 2018 and September 12, 2018||Any time||March 15, 2018|
|3||Before June 1, 2016||On or after September 13, 2018||December 1, 2017||March 15, 2018|
|4||On or after June 1, 2016||On or after September 13, 2018||December 1, 2017||September 13, 2018|
Please perform the following steps to generate a report to identify impacted certificates if you are a Symantec Trust Center (STC) customer of if you are a Symantec Trust Center Enterprise (STCE) customer.
Step 1: Identify Certificates to be Replaced
Step 2: Replace the Certificates Identified from Step 1
Additional information can be found in the Knowledge Base article entitled Replace an SSL Certificate from Symantec Trust Center account.
Step 1: Generate report
Step 2: Identify the certificates that are at risk
Step 3: Replace the certificates identified in Step 2
Additional information can be found in the Knowledge Base article entitled Replace SSL certificate within Symantec Trust Center Enterprise.