Google Chrome will flag sites with invalid Entrust certificates

From the earliest days of computer technology, scientists have recognized the need to transmit information securely. Early computer protocols such as Telnet transmitted data (such as usernames and passwords) over the Internet without encryption, making it visible to anyone. These protocols have been replaced by more secure protocols that use public key encryption to transfer data, and similar encryption is used by most websites today to securely move your information between their servers and your browser.
Sites use digital certificates to prove their identity and to provide the public cryptographic keys your browser uses to establish a secure connection. But your browser won’t trust just any certificate. Instead, it keeps an internal list of trusted certificate publishers (commonly called a root store; here’s Chrome’s root store) and only automatically establishes a secure connection with sites whose certificates chain to one of them. Google announced today that it’s removing at least one certificate publisher from that list.
Who’s falling out of favor?
In a post published today on Google’s security blog (discovered by 9to5Google), the company singles out Entrust’s certificate authority (CA). It appears that Entrust did not commit a single specific act to get blacklisted by Google, but rather exhibited a pattern of behavior. Getting on the list of trusted CAs requires passing a long series of checks, and Google makes it clear on its blog that Entrust “has not met” its expectations. Entrust’s removal from the list of trusted CAs will not happen immediately: any Entrust certificate issued after October 31, 2024 will no longer be automatically trusted by Chrome. This does not mean that Chrome users will lose access to sites using Entrust certificates; users will simply need to manually enable trust in Entrust or click through a warning screen when visiting a site with such a certificate. The change will affect all Chrome users except those on iOS.
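The rule Google’s post describes (a certificate that chains to an Entrust root and was issued after October 31, 2024 is no longer trusted by default) can be expressed as a small check. The following is an added Go example, not code from Google, Entrust or this article; matching the root by the organisation name "Entrust, Inc." and the self-signed test certificates are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Cutoff stated in the article: certificates that chain to an Entrust root
// and have a NotBefore after 2024-10-31 are not trusted by Chrome by default.
var entrustCutoff = time.Date(2024, time.October, 31, 23, 59, 59, 0, time.UTC)

// TrustedUnderPolicy applies that rule to a leaf and the root it chains to
// (for a live connection these come from tls.ConnectionState.VerifiedChains).
// Matching the root on Organization "Entrust, Inc." is an assumption; real
// checks should use the root list from Chrome's published policy.
func TrustedUnderPolicy(leaf, root *x509.Certificate) bool {
	for _, org := range root.Subject.Organization {
		if org == "Entrust, Inc." && leaf.NotBefore.After(entrustCutoff) {
			return false
		}
	}
	return true
}

// NewTestCert builds a constructed self-signed certificate with the given
// organisation and NotBefore; it stands in for real chain members here.
func NewTestCert(org string, notBefore time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "test", Organization: []string{org}},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(90 * 24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
```

A certificate issued on the cutoff day itself still passes; one issued the next day under an Entrust root does not, while the same certificate under any other root is unaffected.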
Why it’s important to care about certificates
You’ve probably come across certificate warnings in your browser if you’ve spent any time wandering around the internet. In most cases it isn’t very dangerous to visit one of these sites your browser labels as “dangerous,” but you should be aware that such sites probably don’t use encryption to transfer data between the server and the browser. This means that if you enter your username or password on one of these unsafe sites, someone could eavesdrop and capture that information. In other words, don’t use personal information on unsafe sites. Having an up-to-date certificate is also a sign that the site cares about its security. Given that sites using Entrust certificates issued after the cutoff will now be considered untrusted, many large Internet companies are probably looking to change their certificate providers. Entrust is currently used by sites such as MoneyGram and the US Department of Energy, but unless Entrust manages to strike a deal with Google, they will almost certainly be switching providers. It’s worth noting that Entrust is still on Firefox’s list of trusted CAs, but given that Chrome controls over 65% of the browser market, Firefox’s opinion of Entrust is unlikely to change the situation.