Google has announced that starting November 1, 2024, it will begin blocking websites that use certificates from Entrust in its Chrome browser, citing compliance failures and the certificate authority’s failure to address security issues in a timely manner.
“Over the past few years, publicly disclosed incident reports have highlighted a pattern of concerning behavior from Entrust, who have failed to live up to the above expectations and have undermined confidence in their competence, reliability and integrity as a trusted organization (certification center) owner,” the Google Chrome Security Group said.
To that end, the tech giant said it no longer intends to trust Entrust’s TLS server authentication certificates by default in Chrome version 127 and above. However, it said Chrome users and enterprise customers can override these settings if they wish.
Google also noted that CAs play a privileged and trusted role in ensuring encrypted connections between browsers and websites, and that Entrust’s lack of progress on publicly disclosed incident reports and its unfulfilled improvement commitments pose a risk to the Internet ecosystem.
The blocking action is expected to cover the Windows, macOS, ChromeOS, Android and Linux versions of the browser. The notable exception is Chrome for iOS and iPadOS, because Apple’s policies do not allow the Chrome Root Store to be used there.
As a result, users who navigate to a website that serves a certificate issued by Entrust or AffirmTrust will encounter an interstitial message warning them that their connection is not secure or private.
Affected website operators are advised to switch to a trusted CA by October 31, 2024 to minimize disruption. According to Entrust’s website, its solutions are used by Microsoft, Mastercard, VISA and VMware, among others.
“While website operators could delay the blocking effect by choosing to collect and install a new Entrust-issued TLS certificate before Chrome’s blocking takes effect on November 1, 2024, website operators will inevitably need to collect and install a new TLS certificate from one of the many other CAs included in Chrome’s root store,” Google said.
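For operators acting on this advice, the following added example (not code from the article or from Google) classifies certificates by issuer name and validity start date. The function names, verdict labels and sample hosts are assumptions; matching on issuer text is a heuristic, and `notBefore` is assumed to stand in for the time of issuance.

```python
import socket
import ssl
from datetime import datetime, timezone

# CA names as given in the article; matching on issuer text is a heuristic.
AFFECTED = ("entrust", "affirmtrust")
# Date on which, per the article, Chrome's blocking takes effect.
CUTOFF = datetime(2024, 11, 1, tzinfo=timezone.utc)


def issuer_fields(cert):
    """Flatten the nested issuer tuples of a getpeercert() dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def assess(cert):
    """Classify one certificate: 'ok', 'affected-delayed' or 'affected-blocked'."""
    fields = issuer_fields(cert)
    text = " ".join(fields.get(k, "") for k in ("organizationName", "commonName"))
    if not any(name in text.lower() for name in AFFECTED):
        return "ok"
    # Assumption: notBefore approximates when the certificate was issued.
    issued = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notBefore"]), tz=timezone.utc)
    return "affected-delayed" if issued < CUTOFF else "affected-blocked"


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live host's leaf certificate (needs network; not called here)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def sample(org, cn, not_before):
    """Build a constructed certificate dict in getpeercert() layout."""
    return {"issuer": ((("organizationName", org),), (("commonName", cn),)),
            "notBefore": not_before}


# Constructed inventory, not real certificates or hosts.
SAMPLES = {
    "shop.example": sample("Entrust, Inc.", "Constructed Issuing CA", "Mar  4 00:00:00 2024 GMT"),
    "pay.example": sample("AffirmTrust", "Constructed Issuing CA", "Nov 15 00:00:00 2024 GMT"),
    "blog.example": sample("Example CA Org", "Example Issuing CA", "Nov 15 00:00:00 2024 GMT"),
}

if __name__ == "__main__":
    for host, cert in SAMPLES.items():
        print(f"{host}: {assess(cert)}")
```

For a live inventory, pass `fetch_cert(host)` to `assess`; both "affected" verdicts mean the certificate needs replacing with one from another CA, the delayed case only later.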