Posted by Devon O’Brien, Ryan Sleevi, Emily Stark, Chrome security team
We previously announced plans to deprecate Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL). This post outlines how site operators can determine if they’re affected by this deprecation, and if so, what needs to be done and by when. Failure to replace these certificates will result in site breakage in upcoming versions of major browsers, including Chrome.
Chrome 66
If your site is using a SSL/TLS certificate from Symantec that was issued before June 1, 2016, it will stop functioning in Chrome 66, which could already be impacting your users.
If you are uncertain about whether your site is using such a certificate, you can preview these changes in Chrome Canary to see if your site is affected. If connecting to your site displays a certificate error or a warning in DevTools as shown below, you’ll need to replace your certificate. You can get a new certificate from any trusted CA, including Digicert, which recently acquired Symantec’s CA business.
![]() |
An example of a certificate error that Chrome 66 users might see if you are using a Legacy Symantec SSL/TLS certificate that was issued before June 1, 2016. |
![]() |
The DevTools message you will see if you need to replace your certificate before Chrome 66. |
Chrome 66 has already been released to the Canary and Dev channels, meaning affected sites are already impacting users of these Chrome channels. If affected sites do not replace their certificates by March 15, 2018, Chrome Beta users will begin experiencing the failures as well. You are strongly encouraged to replace your certificate as soon as possible if your site is currently showing an error in Chrome Canary.
![]() |
The DevTools message you will see if you need to replace your certificate before Chrome 70. |
Release |
First Canary |
First Beta |
Stable Release |
Chrome 66 |
January 20, 2018 |
~ March 15, 2018 |
~ April 17, 2018 |
Chrome 70 |
~ July 20, 2018 |
~ September 13, 2018 |
~ October 16, 2018 |

Article Link: http://feedproxy.google.com/~r/GoogleOnlineSecurityBlog/~3/IlAtMP7fTvY/distrust-of-symantec-pki-immediate.html