Alert ID : ALERT2530

Last Modified : 10/16/2018

INFORMATIONAL: Identify Certificates Impacted by Potential Chrome Distrust



Chrome 70 is live as of 10-16-2018. Distrust errors may not be displayed immediately, as distrust is done in stages and independent of Chrome release dates. Please reference the following for more information,


Browsers and root program owners have plans to remove trust of all legacy Symantec SSL/TLS certificates issued under the Symantec infrastructure. Websites and applications secured with these legacy Symantec SSL/TLS certificates trigger security warnings in browsers and in applications that rely on their root stores:


More details from Google, Mozilla, Apple, and Microsoft:

Google security blog

Mozilla security blog

Apple information about distrusting Symantec certificate authorities

Microsoft partners with DigiCert to begin deprecating Symantec TLS certificates

DigiCert blog regarding Apple distrust

Whether a Symantec TLS/SSL certificate is affected by distrust depends on its issuance date. Refer to this table and check your certificate inventory for certificates at risk of potential distrust.


  • Final distrust of the Symantec SSL/TLS certificates in Chrome 70 stable will occur independent of the Chrome release date.

  • The Apple distrust plan will affect not only browsers but also applications you can download through the App Store, such as banking apps.
  • The root update will be in effect for iOS 11 and Mac OS Sierra.
  • Managed PKI for SSL and Complete Website Security (CWS) did not support a no-CT-logging option between 6/1/2016 and 12/1/2017. All CT opt-out certificates issued between those dates were logged with the root domain name.


Also distrusted - Certificates issued from the legacy Symantec root hierarchy on or after December 1, 2017
For uninterrupted business continuity, some Managed PKI for SSL customers continue to issue certificates from the legacy Symantec root hierarchy after the December 1, 2017 switch to the DigiCert hierarchy. These certificates are already distrusted by Google Chrome and will be distrusted by Apple on August 1, 2018.

To identify impacted certificates:

Complete Website Security: Find certificates impacted by potential Chrome distrust

Managed PKI for SSL: Generate a real-time report to identify certificates impacted by potential Chrome mistrust