Google will soon distrust Entrust SSL certificates

It’s no secret that SSL certificates are critical for website users to stay safe online. Major web browsers agree. So much so that unless a website is secured with an SSL trusted by that web browser, it will not load properly. 

So, trust is everything when it comes to SSL certificates. Recently, Entrust Certification Authority, a major player in SSL certificates lost that trust.

Google Chrome recently announced it will no longer trust SSL certificates by the Certificate Authority (CA) issued after October 31, 2024. This means that SSL certificates issued by Entrust will stop being recognized by Chrome browsers, effectively making them useless. 

Find out why Google made this decision and what you should do if you’re an Entrust customer.

Why Google chose to distrust Entrust

To understand Google’s decision, you must understand the role of CAs. CAs are the entities in charge of the issuance, revocation, and general maintenance of the SSL ecosystem. A big part of that is validating a website’s owner and vouching for each issued certificate with a cryptographic signature. 

Because of the authority CAs wield, trust is essential in maintaining SSL certificates across the web. To maintain this trust, CAs must fulfill the baseline requirements set out by the CA/Browser Forum, a group of SSL issuers and suppliers of Internet software that use SSL certificates. CAs must also follow the policies of individual web browsers, such as Google Chrome. 

In a blog post, Google explains how Entrust CA fell short of these expectations multiple times over the past few years. It points to multiple incident reports issued over the past few years that illustrate concerning behavior. Ultimately, Google has lost confidence in the CA’s “competence, reliability, and integrity as a publicly-trusted CA Owner.”

The impact of this decision

Chrome 127 and higher will no longer trust SSL certificates signed by Entrust Root certificates by default issued after October 31. This means if the certificate’s earliest signed certificate timestamp (SCT) is after October 31, it won’t be trusted by Google Chrome. 

SSL certificates validated by Entrust Roots with the earliest SCT on or before October 31 won’t be affected.

To avoid any impact on your website’s operations, if you have an Entrust certificate, you should switch SSL providers as soon as possible, especially if your current Entrust SSL is due to expire after October 31.

How to choose a reputable SSL CA

Don’t make snap decisions when purchasing an SSL certificate. Now that you know the importance of a reputable CA, you know the importance of researching a CA’s reputation before committing. Look for a proven track record of compliance with industry standards, cybersecurity, and reliability.

Don’t settle for less

Namecheap is partnered with Sectigo CA, one of the world’s leading commercial CAs that has been in the business for over two decades. Choosing an SSL certificate from Namecheap means premium security at an affordable price. 

Easily switch your SSL security to Namecheap today for guaranteed site protection you can trust.