How to Prepare for Google Chrome’s Distrust of Entrust Certificates: A Comprehensive Guide for Enterprises
On June 27, 2024, the Chrome Security Team announced a major update: Chrome version 127 and above will no longer trust new TLS/SSL certificates from Entrust Certificate Authority issued after October 31, 2024. This change will significantly impact website security, user trust and traffic. In this guide, we’ll break down the timeline, explore potential impacts and provide actionable steps for enterprises to smoothly transition to a trusted SSL solution.
Google Chrome to Distrust Entrust Certificates: What You Need to Know
1. What is the timeline of this change?
After October 31, 2024, Google Chrome will no longer trust new TLS/SSL certificates issued by Entrust. Certificates issued under nine Entrust root certificate authorities are impacted.
2. What do I do with my existing certificates?
TLS/SSL certificates issued before November 1, 2024 will remain trusted for the remainder of their validity period. This provides a window for organizations to plan and migrate, but organizations must take action prior to certificates expiring in order to avoid impacts on user experience.
3. What impact will this have on my enterprise?
Websites using Entrust TLS/SSL certificates issued after October 31, 2024 will trigger security warnings in Chrome 127 and above, affecting user trust and traffic.
Steps to Prepare Your Enterprise for Google Chrome’s Distrust of Entrust Certificates
Inventory and Assessment: Conduct a thorough audit of all TLS/SSL certificates across your infrastructure, including those issued by Entrust or AffirmTrust CAs. Use certificate discovery and inventory tools to identify those issued by Entrust. Prioritize certificates based on criticality, expiration dates and the impact on user experience. If you need assistance discovering your certificates, schedule time to speak with one of our experts.
Evaluate and Choose a Trusted CA: Research and choose a reputable alternative certificate authority (CA) that aligns with your security needs and budget. Look for CAs that offer robust certificate lifecycle management solutions, strong encryption standards and excellent customer support. HID Enterprise SSL is a trusted alternative, offering comprehensive certificate management and automation capabilities.
Develop a Migration Plan: Create a detailed timeline for certificate replacement, allocating resources and budget for the transition. This plan should include obtaining new certificates, installing them on your systems and testing functionality across different browsers and devices.
Replace and Revoke Old Certificates: Install new certificates through ACME or other available automation capabilities. Once you have tested the systems, revoke the old Entrust certificates to complete the migration.
Communicate With Stakeholders: Keep stakeholders informed throughout the process, including IT teams, marketing teams responsible for website security messaging and customer support teams who may need to address user concerns.
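The Inventory and Assessment step can be scripted once certificate details have been collected. The following is an added example, not part of the original guide or any vendor tooling: it parses a constructed inventory in the format printed by `openssl x509 -noout -issuer -dates` and ranks Entrust and AffirmTrust certificates by urgency. It assumes that `notBefore` stands in for the issuance date and that affected CAs can be recognised by issuer name; the host names and issuer CNs are made up.

```python
from datetime import datetime, timezone

CUTOFF = datetime(2024, 11, 1, tzinfo=timezone.utc)  # guide: issued before this stays trusted
AFFECTED = ("entrust", "affirmtrust")  # assumption: match issuer name, no chain building
FMT = "%b %d %H:%M:%S %Y %Z"  # date format printed by `openssl x509 -dates`

# Constructed sample: a host label plus `openssl x509 -noout -issuer -dates` output.
SAMPLE = """\
host=api.example.com
issuer=C = US, O = "Entrust, Inc.", CN = Constructed Issuing CA 1
notBefore=Nov 12 00:00:00 2024 GMT
notAfter=Nov 12 23:59:59 2025 GMT
host=intranet.example.com
issuer=C = US, O = AffirmTrust, CN = Constructed Issuing CA 2
notBefore=Jan 10 00:00:00 2024 GMT
notAfter=Feb  9 23:59:59 2025 GMT
host=blog.example.com
issuer=C = US, O = Example CA Ltd, CN = Constructed Issuing CA 3
notBefore=Dec  1 00:00:00 2024 GMT
notAfter=Mar  1 23:59:59 2025 GMT
"""

def parse_inventory(text):
    """Build one dict per certificate from host/issuer/notBefore/notAfter lines."""
    certs = []
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key == "host":
            certs.append({"host": value})
        elif key == "issuer":
            certs[-1][key] = value
        elif key in ("notBefore", "notAfter"):
            certs[-1][key] = datetime.strptime(value, FMT).replace(tzinfo=timezone.utc)
    return certs

def triage(certs, today):
    """Return (host, status, notAfter) for affected certs: distrusted first, then by expiry."""
    rows = []
    for c in certs:
        if not any(name in c["issuer"].lower() for name in AFFECTED):
            continue  # issued by another CA, outside the scope of this change
        if c["notBefore"] >= CUTOFF:  # assumption: notBefore stands in for issuance date
            status = "DISTRUSTED"
        elif c["notAfter"] <= today:
            status = "EXPIRED"
        else:
            status = "REPLACE_BEFORE_EXPIRY"
        rows.append((c["host"], status, c["notAfter"]))
    return sorted(rows, key=lambda r: (r[1] != "DISTRUSTED", r[2]))
```

To use it on real data, pass `parse_inventory` the collected openssl output for each host and call `triage` with `datetime.now(timezone.utc)` as `today`.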
Next Steps for Enterprises Facing Google Chrome Change
Our industry has experience with similar CA distrust events, such as Symantec’s CA distrust in 2018. A key takeaway is the importance of proactive planning and communication. By starting early, organizations can minimize disruption and ensure a smooth transition.
History shows that diversification is key to overcoming these challenges. It is vital to understand the importance of crypto-agility and not rely on a single certificate authority for critical business needs. Consider using multiple reputable certificate authorities to diversify your PKI infrastructure and reduce dependency on any one provider.
How to Make Your Transition as Smooth as Possible
Facing the risk of business disruptions due to Chrome’s distrust of Entrust certificates? Our experts are here to help. Our Enterprise SSL-as-a-Service enables seamless transition with automated and scalable certificate provisioning and management using ACME or RESTful APIs. Ensure your website remains secure and trusted.