Skip to main content

Update: Symantec asks Google to remove trust for one of its own certificates

symantec asks google remove trust one certificates headquarters
Image used with permission by copyright holder
Updated 12/16/2015 10:00am by Matt Smith

Symantec has released a new statement about the certificate that was removed from trust. 

In keeping with industry standards and best practices, Symantec notified major browsers in November, including Google, that they should remove or untrust a legacy root certificate from their lists called the VeriSign Class 3 Public Primary Certification Authority G1 (PCA3-G1). We advised this action because this particular root certificate is based on older, lower-strength security that is no longer recommended, hasn’t been used to generate new certificates in several years, and will now be repurposed to provide transition support for some of our enterprise customers’ legacy, non-public applications. By announcing that they will be blocking this root certificate, Google has indicated that they intend to do exactly as we requested, a step that other browsers started taking in 2014.

Obviously, this statement seeks to defuse any perception that this is due to a fault on Symantec’s part, which seems accurate given the context. 

Original Text: Google has decided to “distrust” a Symantec root certificate that the security company says is no longer compliant with security standards. The cert could have potentially been used to intercept users’ web traffic.

The move is the latest in a series of issues between Google and Symantec over trust for the latter’s digital certificates. In October, Google told the company that it must be more transparent over the issuing of TSL certificates for domain names.

Over the weekend, Google software engineer Ryan Sleevi wrote that Google has decided to distrust Symantec’s “Class 3 Public Primary CA” root certificate, used in Google products like Chrome and Android.

“Symantec has decided that this root will no longer comply with the CA/Browser Forum’s Baseline Requirements,” he said, explaining that the cert’s trust was cut off on December 1st. The Baseline Requirements are a set of criteria for best practices in the issuing of digital certificates for SSL/TLS servers.

“As these requirements reflect industry best practice and are the foundation for publicly trusted certificates, the failure to comply with these represents an unacceptable risk to users of Google products,” said Sleevi.

Use of the vulnerable certificate could allow a malicious actor to spoof a Google service and target users or intercept web traffic. Symantec requested that Google remove and distrust the root certificate once it became aware of the security risk it would pose to users on Chrome and Android. Website owners and general users will not be affected, it added, as this is the usual procedure for dealing with legacy certs.

Google will still continue with its plan to remove trust for Symantec certificates if they do not introduce more transparency in how they issue certs by June 1st 2016. The ultimatum came after the company issued several certificates for domain names to people or organizations that did not own them. Symantec responded by firing an unspecified number of employees responsible for the error.

Editors' Recommendations

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
The Mac is on the verge of entering a new era
The MacBook Air on a white table.

According to a new report from Bloomberg, Macs are about to get a serious revamp. Don't expect a redesigned chassis or better displays, though. This new era is all about AI -- betcha didn't see that one coming.

Reporter Mark Gurman says that Apple is expected to refresh the entire lineup of Macs with M4 chips that "emphasize" AI capabilities starting in late 2024 and heading into 2025. It's unknown whether this new emphasis is just marketing or will refer to a true technical change. Apple's Neural Engine has been part of the Mac since 2020, when it was introduced in the M1 chip for the purpose of speeding up AI workloads.

Read more
Best color laser printers for 2024: tested and reviewed
The Color LaserJet Pro 4301fdw has good photo print quality on glossy paper.

The best color laser printers can be a great investment, saving you quite a bit of time and money. For shoppers worried about the long-term ink costs, you'll find color laser printers surprisingly affordable. Laser printers use toner, which lasts a very long time, delivering a low cost per page for monochrome documents and fast color prints. The best color laser printers offer quick performance and reliability to help keep your home office or small business productive.

If you need to scan documents for record-keeping and photo capture or want the convenience of a color copier, an all-in-one color laser printer is an essential tool for your small business or personal use. For a small added cost, you get expanded capabilities. That's why every model on this list is an all-in-one from the best printer brands.

Read more
The best MacBook to buy in 2024
Apple MacBook Pro 16 downward view showing keyboard and speaker.

Now that Apple has started outfitting its laptops with its M3 generation of chips, it's time to take another look at which is the best MacBook to buy in 2024. That’s not always easy, though, as buying the newest MacBook isn’t always the right decision. Apple has several tiers of performance, as well as various sizes, which can further complicate the matter.

What’s more, you can also still get M1 and M2 MacBooks, some from Apple’s own website and some from third-party retailers. But are they still worth your money? Our guide should help you decide.

Read more