Knowledge Base

Summary

Public TLS certificates issued from Entrust roots with a Signed Certificate Timestamp (SCT) dated after October 31, 2024, will not be trusted by Google Chrome.

• To be trusted by a browser, a certificate authority must comply with specific requirements defined by the CA/Browser Forum.
• To ensure trust is consistent and continuous, browsers receive regular audit reports about CA operations and compliance.

Certificate Authorities must work in good faith with browsers to fix and prevent issues. 

Recently, root programs indicated a lack of confidence in Entrust's TLS certificate issuance practices. Google ultimately decided to revoke its trust in Entrust on the Chrome browser.

What does this mean for Entrust customers?

• Public TLS certificates issued off  Entrust roots whose earliest SCT is after October 31, 2024, will no longer be valid on Google Chrome.
  Those Entrust certificates will be treated as an unsecured site.
• Any TLS certificate with an SCT dated before November 1, 2024, will be valid for its term.

Are you impacted by Google’s decision?

How do I import existing Entrust certificates into DigiCert​​®​​ Trust Lifecycle Manager?

A detailed, step-by-step guide can be found, here.