#1 Middle East & Africa Trusted Cybersecurity News & Magazine |

34.8 C
Dubai
Tuesday, July 23, 2024
Cybercory Cybersecurity Magazine
HomeTechnology & TelecomChrome Cuts the Cord: Entrust Certificates to be Blocked by September 2024

Chrome Cuts the Cord: Entrust Certificates to be Blocked by September 2024

Date:

Related stories

Meta Fined $220 Million by Nigeria: A Landmark Case for Data Privacy in Africa

In a landmark decision, Nigeria's National Information Technology Development...

Shadowy Strike: New Linux Variant of Play Ransomware Targets VMware ESXi

Ransomware attacks continue to plague businesses worldwide, and VMware...

Masquerading Menace: “EvilVideo” Exposes Telegram Android Vulnerability

Telegram, a popular cloud-based messaging platform, recently faced a...

Bug Bounty Bonanza: WazirX Launches Program After $230 Million Cyberattack

In the ever-changing landscape of cybersecurity, the Indian cryptocurrency...
spot_imgspot_imgspot_imgspot_img

In a significant move to bolster online security, Google announced that its Chrome browser will begin blocking websites using certificates issued by Entrust and its subsidiary AffirmTrust starting November 1, 2024. This decision follows a series of reported compliance failures and security concerns surrounding the certificate authority (CA).

This article delves into the details of Google’s decision, the implications for website owners, and provides actionable steps to ensure a smooth transition for a more secure web experience.

Losing Trust: Why is Google Blocking Entrust Certificates?

Entrust is a prominent Certificate Authority (CA) responsible for issuing digital certificates that verify the identity of websites and encrypt communication between users and servers. However, Google has expressed concerns about Entrust’s adherence to industry best practices and its ability to effectively manage vulnerabilities.

Here’s a breakdown of the key factors contributing to Google’s decision:

  • Compliance Failures: Publicly disclosed reports highlighted a pattern of concerning behavior by Entrust, suggesting a lack of commitment to upholding the rigorous standards expected of CAs.
  • Unfulfilled Improvement Promises: Allegations suggest Entrust failed to adequately address security issues and implement promised improvements in response to identified vulnerabilities.
  • Insufficient Response to Incidents: Delays and inadequate response times in addressing security incidents further eroded Google’s confidence in Entrust’s ability to maintain a secure and reliable service.

The Impact on Website Owners: Preparing for the Block

The upcoming block on Entrust certificates poses a potential challenge for website owners who rely on them for website security. Here’s what website owners need to be aware of:

  • Blocked Access for Chrome Users: Starting November 1, 2024, Chrome users visiting websites with Entrust certificates will encounter security warnings and may be unable to access the site. This could negatively impact website traffic and user experience.
  • Action Required by October 31st: Google advises website owners to migrate to a new, trusted CA before October 31, 2024. This ensures a seamless transition and avoids any disruption to user access.

10 Steps for Website Owners to Secure Their Sites

To ensure a smooth transition and continued website security, website owners should follow these steps:

  1. Inventory Your Certificates: Identify all certificates currently in use on your website and verify if any were issued by Entrust or AffirmTrust.
  2. Choose a New Trusted CA: Research and select a reputable CA with a strong track record of security and compliance. Popular options include DigiCert, Sectigo, and Let’s Encrypt.
  3. Obtain a New Certificate: Purchase or obtain (in the case of Let’s Encrypt) a new certificate from your chosen CA.
  4. Update Your Server Configuration: Install the new certificate on your web server and update your server configuration to use it for secure connections.
  5. Test Thoroughly: After implementing the new certificate, conduct thorough testing to ensure all website functionalities and secure connections work as expected.
  6. Communicate with Users (Optional): If necessary, consider informing your website users about the upcoming security update and potential changes they might encounter.
  7. Enable HSTS (Optional): For an additional security layer, consider enabling HTTP Strict Transport Security (HSTS) on your server. This enforces the use of HTTPS for all connections to your website.
  8. Automate SSL/TLS Certificate Management: Explore tools for automated SSL/TLS certificate management to streamline future certificate renewals and avoid potential lapses.
  9. Stay Informed: Subscribe to security blogs and resources to stay updated on the latest CA developments and best practices.
  10. Prioritize Security: View website security as an ongoing process, not a one-time fix. Regularly review your security posture and implement necessary updates to maintain a secure web presence.

Conclusion: A United Front for a Secure Web

Google’s decision to block Entrust certificates reflects a broader industry commitment to a more secure web environment. By prioritizing compliance and user trust, CAs play a critical role in maintaining the integrity of digital communication. Website owners have a responsibility to stay informed and adopt secure practices.

This incident highlights the importance of collaboration. Open communication between CAs, browser vendors, website owners, and security researchers fosters a more secure web ecosystem for everyone. By working together, we can ensure a trusted and secure online experience for all internet users.

Ouaissou DEMBELE
Ouaissou DEMBELEhttps://cybercory.com
Ouaissou DEMBELE is an accomplished cybersecurity professional and the Editor-In-Chief of cybercory.com. He has over 10 years of experience in the field, with a particular focus on Ethical Hacking, Data Security & GRC. Currently, Ouaissou serves as the Co-founder & Chief Information Security Officer (CISO) at Saintynet, a leading provider of IT solutions and services. In this role, he is responsible for managing the company's cybersecurity strategy, ensuring compliance with relevant regulations, and identifying and mitigating potential threats, as well as helping the company customers for better & long term cybersecurity strategy. Prior to his work at Saintynet, Ouaissou held various positions in the IT industry, including as a consultant. He has also served as a speaker and trainer at industry conferences and events, sharing his expertise and insights with fellow professionals. Ouaissou holds a number of certifications in cybersecurity, including the Cisco Certified Network Professional - Security (CCNP Security) and the Certified Ethical Hacker (CEH), ITIL. With his wealth of experience and knowledge, Ouaissou is a valuable member of the cybercory team and a trusted advisor to clients seeking to enhance their cybersecurity posture.

Subscribe

- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Latest stories

spot_imgspot_imgspot_imgspot_img

LEAVE A REPLY

Please enter your comment!
Please enter your name here