Last week, Google made a major announcement that impacts many internet users. Starting on November 1, 2024, Google Chrome will no longer trust TLS certificates from Entrust. This decision stems from what Google characterizes as "a pattern of concerning behaviors by Entrust."
Understanding Entrust certificates: ensuring secure online communications
Transport Layer Security, or TLS Certificates are digital security certificates issued by Entrust, one of the world's leading providers in this field. These certificates are essential for ensuring secure communication over the internet, as they help encrypt data and verify the authenticity of websites. When users visit a website, an Entrust Certificate assures them that their connection is secure and that the site is legitimate. These certificates are widely used by businesses, particularly for securing sensitive data and transactions. They play a crucial role in maintaining trust and security in online interactions, making them vital for industries like finance, healthcare, and e-commerce.
Why Google made this decision
Google's decision is a response to ongoing issues it has observed with Entrust. These issues have not been detailed publicly, but they were significant enough for Google to take this drastic step. Entrust's certificates are widely used, with a substantial portion of websites relying on them to secure their online communications.
Impact on websites
According to the security company AppViewX, this decision will impact many websites. They estimate that 21 percent of Fortune 1000 companies rely on certificates from Entrust. These companies include banks, e-commerce sites, and other organizations that handle sensitive data.
Murali Palanisamy, chief solutions officer at AppViewX, explains that after the deadline, websites still using Entrust certificates "will be marked as distrusted in Google Chrome." This means users will see warnings that the site is not secure. These warnings will likely deter users from visiting these sites, harming the company's reputation and potentially leading to customer loss and revenue decline.
How will it affect users?
For individual users, this change means they will encounter security warnings when visiting sites using Entrust certificates. Morey Haber, chief security advisor at BeyondTrust, believes this is a significant shift in internet security. He explains that these warnings are essential because they indicate a potential risk. Users are advised to exercise caution or consider avoiding the site altogether. In corporate environments, these warnings can be even more disruptive. Many companies have strict internet policies that block access to sites with security warnings. This could lead to confusion, frustration, and lost productivity, especially for users who do not understand the technical details behind this change.
Lukatsky suggests that site owners using Entrust certificates should switch to another provider to avoid these issues. This change would ensure their sites remain accessible and trusted by Chrome users.
Potential benefits of Google’s decision
Despite the challenges, some experts believe Google's move could have positive outcomes. Morey Haber argues that this decision underscores the importance of maintaining high standards in certificate issuance and management. By enforcing these standards, Google is taking a proactive step to enhance internet security.
Haber believes this decision will improve the overall security and trustworthiness of the internet. By highlighting the critical role of robust certificate management, Google is encouraging better practices across the industry.
Reaction from Entrust
Todd Wilkinson, president and CEO of Entrust, expressed disappointment with Google's decision. In a blog post, he argued that Google got its facts wrong but also acknowledged the need for improvement. "We understand what led us here. We are committed to improvement," said Wilkinson. This statement, while not an admission of guilt, suggests that Entrust is willing to address the issues raised by Google.
Future implications
The decision by Google is not just about security warnings. It has broader implications for the industry and the relationships between major tech companies. Morey Haber speculates that this move could lead to legal battles between Google and Entrust. The financial and reputational damage to Entrust could be significant, prompting lawsuits that may soon make headlines.
What can website owners do?
Website owners who use Entrust certificates need to take action before the November 1, 2024 deadline. They should start looking for alternative certificate providers to ensure their websites remain trusted by Google Chrome. This process involves researching and selecting a new provider, acquiring new certificates, and installing them on their servers.
The transition can be complex, especially for large organizations with many websites. However, it is necessary to avoid the negative consequences of having a distrusted website. Working with IT professionals and security experts can help streamline this process and ensure a smooth transition.
Conclusion
Google’s decision to stop trusting Entrust certificates marks a significant change in internet security. While it will initially create challenges for Chrome users and website owners, it also highlights the importance of strong certificate management practices. By pushing for higher standards, Google aims to enhance the security and integrity of online interactions. As Entrust works to address these issues, the internet community will be watching closely to see how this saga unfolds. The ultimate goal is a safer and more trustworthy online environment for everyone.
You May Also Like: Voice Search and its Implications for SEO and Content Marketing