Trends
SHARE
Facebook X Pinterest WhatsApp

Chrome to Block Entrust Certificates in November 2024

Millions of websites could be displaying security warnings in Google Chrome starting this November regarding its trust in certificates issued by a major certificate authority. Find out if your site is affected now.

Written By
thumbnail Sunny Yadav
Sunny Yadav
Co-Author
thumbnail Meghan Lafferty
Meghan Lafferty
Jul 5, 2024
eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Millions of websites could be displaying security warnings in Google Chrome starting this November. The cause? A recent announcement by Google Chrome regarding its trust in certificates issued by a major certificate authority (CA), Entrust.

Website security is paramount in today’s digital age. That little lock icon in your browser address bar signifies a secure connection, protected by an SSL/TLS certificate. These certificates act as digital passports, verifying a website’s identity and encrypting communication between your browser and the site.

Google Chrome, with its dominant market share in web browsing, plays a crucial role in maintaining online security standards. The recent announcement regarding Entrust certificates raises concerns about the safety of millions of websites and the user experience.

Why the Distrust? A Look at Entrust’s Certificate Issues

Google’s decision to distrust Entrust certificates isn’t a sudden move. According to the Google Security Blog, the Chrome team has observed “a pattern of compliance failures” by Entrust over the past few years, including delayed revocations, unmet improvement commitments, and lack of transparency.

When a security issue is discovered with a specific certificate, it needs to be revoked promptly to prevent misuse. Entrust has been criticized for delays in revoking compromised certificates. Also, Entrust reportedly made promises to address security concerns but failed to deliver on those commitments. At last, transparency is crucial in the world of CAs. Audits revealed a lack of confidence in Entrust’s certificate issuance practices, raising red flags for Google.

These ongoing issues led Google to conclude that Entrust certificates no longer meet the security standards required for Chrome’s trusted root store. Chrome won’t be blocking any website, though. 

Impact on Users and Website Owners: Warnings, Not Blockades

While the headlines might scream “millions affected,” it’s not quite that dramatic.

Starting November 1, 2024, Chrome will display security warnings when users visit websites with Entrust certificates issued after October 31, 2024. Such warnings can be confusing and deter users from accessing trusted websites.

Website owners can easily check if their website is affected by using the Chrome Certificate Viewer. Here’s how:

  1. Open Chrome and navigate to your website.
  2. Click the tune icon in the address bar.
  3. Select “Connection is secure” and then “Certificate is valid.”
  4. The Chrome Certificate Viewer will display details about the website’s certificate, including the issuing CA.
  5. If the “Issued by” field mentions “Entrust” or “Affirm Trust” and the certificate expires after October 31, 2024, your website will be impacted by Chrome’s distrust.

Malicious actors could exploit this situation by creating fake websites with valid certificates (issued before November) to trick users into thinking they’re secure.

What Can Website Owners Do?

The security warnings from Chrome will typically appear as a red exclamation mark next to the lock icon in the address bar, accompanied by a message like “The connection is not secure.” Chrome will offer options to proceed despite the warning (not recommended unless absolutely necessary) or to exit the website.

Don’t panic upon encountering a security warning, but exercise caution. Double-check the website address for typos and ensure it matches what you intended to visit. Bookmark frequently visited sites.

If your website uses an Entrust certificate set to expire after October 31st, you need to act before November 1st. The process involves obtaining a new certificate from a different trusted CA. Many reputable CAs exist, so explore your options and choose one that aligns with your needs.

The Importance of Trusted CAs & Choosing a New One

Imagine a world where anyone could create a fake ID and impersonate a trusted institution. That’s essentially what could happen in the wild west of the internet without trusted certificate authorities. CAs act as gatekeepers, verifying a website’s identity and issuing SSL/TLS certificates that vouch for its legitimacy.

Such certificates are crucial for establishing secure connections and building user trust. Google’s decision to distrust Entrust certificates highlights the importance of choosing reputable CAs with robust security practices.

Trusted CAs undergo thorough audits to confirm their compliance with stringent industry standards. These standards are often outlined in programs like the Chrome Root Program Policy. This policy, established by Google, defines the requirements CAs must meet to be included in Chrome’s trusted root store. The program policy emphasizes secure certificate issuance procedures, vulnerability management, and timely revocation of compromised certificates.

The good news is there are plenty of reputable CAs available. While making a choice, look for a CA with a proven track record of security and reliability. Consider factors like validation levels (domain validation, organization validation, extended validation) and customer support options when making your choice. Also, pricing models and offered features can vary. Choose a plan that meets your budget and website needs.

Seek help from web hosting providers or IT professionals if needed. Resources like the Google Security Blog post announcing the change and online guides comparing different Certificate Authorities can help you navigate this transition. Don’t wait until the last minute to ensure a smooth transition for your website visitors.

The Road Ahead

Google’s decision to distrust Entrust certificates sets a precedent for stricter enforcement of the Chrome Root Program Policy. This could potentially impact other CAs in the future if they fail to meet evolving security standards. It also rekindles the debate about centralized control of trust by large corporations. Google’s actions prioritize user security, but fostering competition and a healthy balance within the CA ecosystem remains crucial.

This decision is a significant development in the ongoing battle for online security. While the immediate impact might be warnings on websites, it underscores the importance of robust security practices within the CA ecosystem.

For users, a healthy dose of caution when encountering unexpected security warnings is key. Website owners, on the other hand, should view this as an opportunity to reassess their security posture and choose a trusted CA that prioritizes user safety. Ultimately, this move by Google has the potential to strengthen online security for everyone involved.

Learn more about the different types of cloud security management in our detailed guide to get a better idea of how you can strengthen your online security.

thumbnail Sunny Yadav

Sunny is a content writer for eSecurity Planet (eSP) with a bachelor’s degree in technology and experience writing for leading cybersecurity brands like Panda Security, Upwind, and Vanta. At eSP, he covers the latest news on cyberattacks, cryptography, data protection, and emerging threats and vulnerabilities. He also explores security policies, governance, and endpoint and mobile security. Sunny enjoys hands-on testing, rigorously evaluating tools to assess their capabilities and real-world performance. He also has extensive experience working with AI tools like ChatGPT and Gemini, experimenting with their applications in cybersecurity, content creation, and research.

Recommended for you...

thumbnail From LinkedIn to Lies: What a Job Scam Looks Like Now
Trends
From LinkedIn to Lies: What a Job Scam Looks Like Now
Aminu Abdullahi
May 21, 2025
thumbnail Fake AI Video Tools Spreading New “Noodlophile” Malware, Targets Thousands on Facebook
Trends
Fake AI Video Tools Spreading New “Noodlophile” Malware, Targets Thousands on Facebook
Aminu Abdullahi
May 12, 2025
thumbnail RSA Conference 2025: Top Announcements and Key Takeaways from the Cybersecurity World’s Biggest Stage
Trends
RSA Conference 2025: Top Announcements and Key Takeaways from the Cybersecurity World’s Biggest Stage
Aminu Abdullahi
May 1, 2025
thumbnail NVIDIA: Agentic AI Is Reshaping Cybersecurity Defense
Cybersecurity
NVIDIA: Agentic AI Is Reshaping Cybersecurity Defense
Aminu Abdullahi
Apr 30, 2025
eSecurity Planet Logo

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

facebook
linkedin
x

Company

About us Contact us Advertise with us

Categories

Best Products Networks Cloud Threats Trends Endpoint Applications Compliance

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information