Google Chrome to Block Entrust Certificates Starting November 2024: What You Need to Know

Google has announced that starting November 1, 2024, its Chrome browser will block websites using certificates from Entrust. This decision follows concerns over Entrust's ability to address security issues and comply with industry standards. Why Is Google Blocking Entrust Certificates? Google's Chrome security team cited a pattern of problematic behavior and compliance failures by Entrust. These issues have eroded confidence in Entrust's reliability and integrity as a certificate authority (CA). As a result, Chrome versions 127 and higher will no longer trust TLS server authentication certificates from Entrust by default. However, users and enterprise customers can override these settings if they choose. Impact on Users and Website Operators The blocking action will affect Chrome on Windows, macOS, ChromeOS, Android, and Linux. Chrome for iOS and iPadOS is excluded due to Apple's policies, which do not allow the use of the Chrome Root Store. When users navigate to a website with an Entrust or AffirmTrust certificate, they will see a warning message indicating that their connection is not secure. This can disrupt access to these websites unless changes are made. What Should Website Operators Do? Website operators using Entrust certificates need to switch to a different publicly-trusted CA by October 31, 2024, to avoid disruption. Entrust's clients include major companies like Microsoft, Mastercard, VISA, and VMware, so the impact could be significant. Google advises that while operators can temporarily mitigate the impact by installing new TLS certificates from Entrust before the November deadline, they will eventually need to transition to a CA included in the Chrome Root Store. Google's decision to block Entrust certificates is a critical reminder of the importance of maintaining high security standards. Website operators must act promptly to ensure seamless user experiences and maintain secure connections. By transitioning to trusted CAs, they can continue to provide safe and reliable services to their users.