Google has announced plans to block websites using certificates issued by Entrust beginning November 1st, 2024. This decision comes after concerns regarding Entrust’s ability to meet security standards and address vulnerabilities in a timely manner.
“Entrust’s pattern of concerning behavior has eroded trust in their competence and reliability,” stated Google’s Chrome security team, citing publicly disclosed incidents. These incidents raise concerns about the overall health of the internet ecosystem, as certificate authorities play a crucial role in securing communication between browsers and websites.
The block will affect websites accessed through Chrome versions 127 and above on Windows, macOS, ChromeOS, Android, and Linux devices. However, Google acknowledges that users and enterprises can choose to override these settings if necessary. Chrome for iOS and iPadOS are exempt due to Apple’s restrictions on the Chrome Root Store.
Websites using Entrust certificates will display an interstitial warning message informing users that the connection is not secure. To avoid disruption, website operators are urged to switch to a different certificate authority by October 31st, 2024.
While a temporary solution might involve obtaining a new Entrust certificate before the block, Google emphasizes the importance of ultimately obtaining a certificate from a trusted source included in the Chrome Root Store.
This move by Google highlights the critical role of certificate authorities in maintaining a secure online environment. By holding these authorities accountable for upholding security standards, Google aims to create a more trustworthy web experience for all.
