June 28, 2024 at 10:36AM
Google is ending its trust in Entrust due to a history of compliance and general improvement failures. From November 1 in Chrome 127, TLS server authentication certificates using Entrust or AffirmTrust roots won’t be trusted by default. This may require website owners to choose a new CA owner to avoid unsafe warnings for visitors.
After reviewing the meeting notes, it is clear that Google has decided to sever its trust in Entrust due to a series of compliance failures and general shortcomings impacting its reliability and integrity as a certificate authority (CA). This decision is reflected in Chrome 127’s beta version, as TLS server authentication certificates validating to Entrust or AffirmTrust roots won’t be trusted by default starting November 1.
Additionally, it’s highlighted that Mozilla also identified a list of certificate issues associated with Entrust between March and May, prompting a response from Entrust acknowledging procedural failures. However, Google’s decision indicates that it hasn’t fully accepted Entrust’s response.
The changes will impact Chrome users across major operating systems, and website owners are advised to choose a new CA owner before the November cutoff to avoid Chrome warning messages designating their sites as unsafe.
Overall, this decision from Google serves as a reminder to certificate authorities to uphold industry standards, as emphasized by Tim Callan, chief experience officer at Sectigo. Entrust has expressed disappointment and is working on plans to provide continuity to its customers despite this development.