If you have a Thawte, GeoTrust, RapidSSL or Symantec-issued SSL/TLS certificate, you could have a big problem. Your site might be be showing the warning: “This site’s security certificate is not trusted!” to visitors using Chrome or Firefox.
Last year, browser developers including Google (Chrome) and Mozilla (Firefox) threatened to stop recognizing Symantec-issued SSL certificates. If your site has SSL certificates from Symantec companies, you have two key deadlines to meet — March 15, 2018, and Sept. 13, 2018 — for replacing affected certificates to avoid Chrome and Firefox security warnings.
March 15: Chrome 66 distrusts certificates issued by Symantec before June 1, 2016.
September 13: Chrome 70 beta will distrust all certificates issued by Symantec.
There is a good chance that if a visitor to your website sees this warning, they will abandon your site thinking that their personal information or computer could be compromised.
Your brand cannot afford to lose trust and your site cannot afford to lose prospects before they convert.
How to Fix Your Symantec SSL Certificate
All certificates issued from VeriSign roots — including Symantec, Thawte, GeoTrust and RapidSSL certificates — need to be reissued.
In October 2017, DigiCert Inc. acquired Symantec’s Website Security and related PKI Solutions.
According to DigiCert Executive Vice President Jeremy Rowley, the company will reach out to customers to let them know which of their TLS certificates are affected, and when they need to be reissued. Rowley indicated that DigiCert will replace affected certificates at no cost.
“If you have Symantec certs, don’t wait until September 2018 to replace them. Your domains and organizations need to be validated and you need time to install the new certificate so your website doesn’t get tagged with security warnings.” – Anthony Caccavale, Technical SEO Specialist
Getting Ready for SSL Certification
In this situation, or anytime you are considering adding or renewing SSL certification for your site, you need to:
- Verify that you have control over your domain.
The default Domain Control Validation (DCV) method is email validation — an authorization email to the registered owners of the domains listed publicly on a WHOIS record.
- Answer the verification/authentication call.
You will need to answer a call to a verified phone number to complete organization validation/authentication.
- Provide the legally-registered organization name.
You must provide your business’s legally-registered name to be validated/authenticated.
- Create a third-party online presence.
You need an online presence for your organization (legal name, address, and phone) beyond your website and/or other listing you own/control. We recommend using Google My Business or a directory like Dun & Bradstreet.
Get SSL Help
If you are concerned about your SSL certificate, you can access a team of digital marketing experts at Knucklepuck who are well-versed in SSL certificates. We can help you rest easy knowing that customers and potential customers visiting your site are not met with a security warning.