Google to Reject Symantec's Secure Socket Layer Certifications
In a bid to promote secure web connections, Google has been making significant changes to its browser, Chrome, over the past few years. One of the most notable developments is the introduction of the "Not secure" label for HTTP sites with forms, starting from October 2017 with Chrome 62.
This change does not apply to sites requiring passwords or credit card information exclusively. Instead, it extends to all HTTP sites with form fields, such as search boxes or comment sections. Conversely, HTTPS sites continue to be marked as secure.
The introduction of this label is part of Google's ongoing efforts to encourage webmasters to migrate their sites from HTTP to HTTPS, as the latter ensures a secure, encrypted connection between client and server. An SSL certificate, a unique digital signature of a website, is essential for establishing this secure connection, particularly for the transfer of confidential information.
Starting with Chrome 66, Google began removing trust in Symantec-issued certificates issued before June 1, 2016. This decision was taken due to concerns about the security of these certificates, following Symantec's improper issuance of a number of certificates, including test certificates without domain owners' knowledge and other audit failures.
Google insists that Symantec conduct a security audit by a third party and implement Certificate Transparency for all SSL certificates going forward. This action was part of a broader effort to maintain digital certificate security and sustain trust in digital certificates by removing improperly issued ones from browsers’ trusted stores.
The policy was publicly announced by Google in September 2017, and it marks a significant step in the digital world's ongoing quest for security. It's worth noting that this change does not affect platforms like Facebook Messenger, Twitter, Pinterest, LinkedIn, Whatsapp, or email services.
Moreover, SSL certificates can be obtained in the USA, and there are professional opinion letters available for EV SSL, a combination of cryptographic protocols designed to provide high security over the internet. When customers see the padlock icon, the "https" prefix, and the green address bar in the URL, it indicates an EV SSL connection.
This shift towards a more secure web is not limited to Google. Firefox and Chrome have also started marking sites without SSL certificates as "unsafe" starting from January 2017. This change is intended to encourage webmasters to prioritise the safety of their sites, especially those requiring passwords and credit card information, by ensuring they have SSL certificates.
In conclusion, Google's efforts to promote secure web connections are a positive step towards maintaining the integrity and security of online transactions and communications. As we continue to rely more on the internet for our daily activities, it's crucial that we take measures to ensure our data remains safe and secure.
[1] Google Security Blog: https://security.googleblog.com/2017/09/moving-toward-more-secure-web.html [2] Certificate Transparency Blog: https://www.certificate-transparency.org/blog/2017/09/26/chrome-66-and-symantec-certificates/
Data-and-cloud-computing technology plays a crucial role in Google's ongoing efforts to promote secure web connections via SSL certificates, ensuring encrypted connections between client and server for safer online transactions and communications. This technology aids in the sustaining of digital certificate security, ultimately preserving trust in the digital world.
