Ask a Question

Alert ID : ALERT2528

INFORMATIONAL: RapidSSL Security Center - Identify Certificates Impacted by Potential Chrome Distrust

INFORMATION

Description

On September 11, 2017, Google posted a blog entitled Chrome’s Plan to Distrust Symantec Certificates.

One aspect of Google’s proposal is that starting March 15, 2018, Chrome 66 will distrust the RapidSSL certificates issued prior to June 1, 2016 and Chrome 70 will eventually distrust all RapidSSL certificates issued under the current infrastructure. RapidSSL expects to issue all new public SSL/TLS certificates from the new infrastructure by December 1, 2017.

A summary is also available in the following article: Replace Your Symantec SSL/TLS Certificates


We recommend that you replace these certificates based on the Chrome release schedule.

Case 1: If you have RapidSSL certificates issued prior to June 1, 2016 that expire before March 15, 2018, there is no action required.

Case 2: If you have RapidSSL certificates issued prior to June 1, 2016 that expire on or after March 15, 2018 but before September 13, 2018, you must replace them by March 15, 2018.

Case 3: If you have RapidSSL certificates issued prior to June 1, 2016 that expire on or after September 13, 2018, you need to replace them starting December 1, 2017 and complete by March 15, 2018.

Case 4: If you have RapidSSL certificates issued on or after June 1, 2016 that expire on or after September 13, 2018, you need to replace them starting December 1, 2017 and complete by September 13, 2018.

Table view of information above:

Case Issued Expires Begin to Replace Complete Replacement by
1 Before June 1, 2016 Before March 15, 2018 N/A – no action required N/A – no action required
2 Before June 1, 2016 On or between March 15, 2018 and September 12, 2018 Any time March 15, 2018
3 Before June 1, 2016 On or after September 13, 2018 December 1, 2017 March 15, 2018
4 On or after June 1, 2016 On or after September 13, 2018 December 1, 2017 September 13, 2018

 


Please perform the following steps to generate a report to identify impacted certificates.

Step 1: Identifying Certificates to be Replaced

  1. Access the RapidSSL Security Center
  2. Click on Expires to re-organize the certificate list by expiration date.
  3. Refer to the Cases listed above to determine which certificates are needed for replacement.

Step 2: Replace the certificates identified in Step 1

Additional information can be found in the Knowledge Base article entitled RapidSSL Security Center: Certificate Replacement Procedure