Thursday, July 4, 2024

Chrome’s Entrust Certificate Distrust

Chrome Security Team (via Jeff Johnson, Hacker News):

Over the past six years, we have observed a pattern of compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress in response to publicly disclosed incident reports. When these factors are considered in aggregate and considered against the inherent risk each publicly-trusted CA poses to the Internet ecosystem, it is our opinion that Chrome’s continued trust in Entrust is no longer justified.


Blocking action will begin on approximately November 1, 2024, affecting certificates issued at that point or later.

Blocking action will occur in Versions of Chrome 127 and greater on Windows, macOS, ChromeOS, Android, and Linux. Apple policies prevent the Chrome Certificate Verifier and corresponding Chrome Root Store from being used on Chrome for iOS.


We recommend that affected website operators transition to a new publicly-trusted CA Owner as soon as reasonably possible.


1 Comment RSS · Twitter · Mastodon

Wow, they have 2500+ employees says Wikipedia. If web certificates are an important part of the biz, seems like the company has to change substantially & quickly to save their jobs.

Leave a Comment