
SSL Google nullifies all Symantec EV SSL Certificates

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Mar 25, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    30,563
    6,851
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,269
    Local Time:
    10:07 AM
    Nginx 1.13.x
    MariaDB 5.5
    Wow, this is huge news in the SSL certificate world in that Google has punished Symantec by nullifying all Symantec EV (Extended Validation) SSL certificates: "Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs [updated]"!

    and eventually all Symantec SSL certificates will meet a similar fate!

     
  2. eva2000

    Google Groups
     
  3. bassie

    bassie Active Member

    542
    116
    43
    Apr 29, 2016
    Ratings:
    +354
    Local Time:
    1:07 AM
    If it's good or bad to you, your neighbor or anyone else, it does not matter.
    Fact is that Google has become way too powerful.
     
  4. BamaStangGuy

    BamaStangGuy Active Member

    473
    137
    43
    May 25, 2014
    Ratings:
    +181
    Local Time:
    6:07 PM
    It is a catch-22 for me. I love it. While I hate monopolies, I feel like they still remain on the better side of morals when it comes to large corporations and they continuously fight against the U.S. surveillance state.
     
  5. eva2000

    indeed finding that balance

    But seriously, Symantec mis-issuing 30,000 EV SSL certificates is crazy - that erodes the trust in the EV SSL process! How should Symantec be penalised otherwise?
     
    • Agree x 2
  6. bassie

    True but finding the balance is hard.
    Symantec should be penalized but now the genuine consumers are in fact screwed.
    Google is the same evil ... like almost all big techies.

    It gives a double feeling.
    A little bit of: It is a case of the pot calling the kettle black.
     
  7. eva2000

    Yeah, but I wonder how those companies paying for Symantec EV SSL certificates feel if some 3rd party managed to mis-issue and maliciously use a copy of their domains' EV SSL certificates? Don't think the article states whether domain validated SSL certs have been mis-issued too though? As a customer, I'd be moving off Symantec anyway for SSL certs.
     
  8. bassie

    I'm curious how many customers say they go away and then really migrate the infrastructure afterwards.
    Symantec/VeriSign SSL is a big fish.

    Many large customers like Oracle and governments with their complex solutions depend on Symantec/VeriSign SSL.
    You could migrate website SSL certs easy peasy, but that does not apply of course to complex authentication mechanisms.
     
  9. Revenge

    Revenge Active Member

    289
    64
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +228
    Local Time:
    12:07 AM
    1.9.x
    10.1.x
    Chrome is giving more than a year. It's more than enough for them to change to a more reliable company that issues certificates.
     
    • Agree x 1
  10. Jimmy

    Jimmy Premium Member Premium Member

    1,138
    252
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +609
    Local Time:
    7:07 PM
    1.13.x
    MariaDB 10.1.x
  11. bassie

    1 year is actually not that much.
    It's all about politics in cases like this.
    Nothing about the actual solutions created by engineers.

    Symantec Backs Its CA
     
    Last edited: Mar 25, 2017
  12. eva2000

    Will be interesting to see how this all plays out either way !
     
  13. eva2000

    wow Symantec just put their foot in their mouth again http://thehackernews.com/2017/03/symantec-ssl-certificates.html

    and to make it worse Symantec knew of this since 2015!
     
  14. eva2000

  15. eva2000

    Google Groups

    still an uphill battle it seems

     
  16. eva2000

    The end is near for Symantec SSL certificates: "Google to kill Symantec certs in Chrome 66, due in early 2018"
     
  17. Andy

    Andy Active Member

    331
    47
    28
    Aug 6, 2014
    Ratings:
    +56
    Local Time:
    7:07 PM
    What SSL cert are you recommending George? I got my SSL from RapidSSL which is affected.
    Is it better to get a commercial ssl or just the free cert that can be generated with the centmin script?
     
  18. eva2000

    As I resell paid SSL certificates, I provide my own for my own sites as well as for Premium members, see "Premium User Membership Explained" (was at a discount back end, though prices have come down on retail but not on wholesale, heh).

    GGSSL/Comodo branded paid SSL certs, but I only use paid SSL wildcard certs for *.domain.com as I have 100s of subdomains all covered by 1x SSL wildcard cert, which works out quite cheaply for ~US$40-80/yr.

    But Centmin Mod free letsencrypt SSL certs do just fine too if you need domain validated (not wildcard SSL) SSL certs. Letsencrypt in Jan 2018 will start offering SSL wildcard certs too :)

    For existing Centmin Mod sites on 123.09beta01, see "Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates" - you'd skip steps 7, 8 and 9 as you already have an HTTPS default site, and in step 6 you only need to replace your SSL cert and key paths with letsencrypt ones.
     
    • Like x 1