Chrome to distrust Symantec certificates from next year

Symantec transport layer security (TLS) certificates issued before June 1 2016 will not be trusted by Google's Chrome web browser from next year, following a spat between the companies over the issuance of fake digital credentials.

Darin Fisher, Google's vice president of the open source Chromium project, which is the foundation for the Chrome browser, outlined the timeline for distrusting the Symantec certificates by March 15 2018.

As the root certificate for Symantec will be removed, the move means credentials from the security vendor's Thawte, GeoTrust and RapidSSL subsidiaries will also be distrusted.

Google initially wanted to remove trust for the Symantec certificates in October this year, when Chrome version 62 is released.

But it decided that didn't given enough lead time for site operators, given the prevalence of Symantec certificates used on the internet.

Instead, Google settled on Chrome version 66, which will be released as a preview in January next year, beta by March, with stable code expected to appear in April.

Site operators are being asked to replace Symantec TLS server certificates that were issued before June 1 2016. The replacements can be from any trusted certificate authority (CA), including Symantec, Fisher said.

Symantec was forced to rebuild its CA infrastructure after it was sharply criticised by Google and its industry partners for sloppy certificate issuance practices.

The infrastructure is expected to be ready and able to issue new certificates from December this year.

Google's Chrome web browser is the most popular in the world, with around a 60 percent market share.