Google has planned on killing off Symantec certificates for Chrome 66. It was a decision based on a lot of issues caused over time, for example unreliable certificates such as example.com or test.com ran off tracks. Symantec issued certificates to different organizations with little oversight or appropriate investigation.
Site Operators Must Replace their Symantec Certificates
The certificates will no longer exist in March 2018 and until then Google has added some of their plans between this year and the due date. The certificates prior to June 1, 2016 will no longer be active in Chrome 66. Site operators who have Symantec certificates must replace their certificate with others that are trusted by Chrome.
After March-April 2018, Chrome will start to send warnings to those who haven’t got trusted certificates.
Symantec Handles their Infrastructure to DigiCert
On the other side, Symantec is giving their infrastructure to DigiCert and will be up and running until December, 2017. In order for DigiCert to be in accords with Google’s ultimatum they will have to oversee certificate sales by running PKI infrastructure and Managed Partner Infrastructure.
Until the ultimatum Google has added that the old Symantec infrastructure will be in a list of all untrusted certificates, a list which will be contained in a future update for Chrome.
If You Get Certificates from Symantec Until December You’ll have to Get New Ones Because of the Chrome 70 Update
Site owners will have to undergo several steps in order to get other certificates. In Chrome 70 all certificates that are related or have roots to Symantec will be killed off. The site owners who need certificates from the old Symantec infrastructure will have to get another set of certificate replacements because of the updated Chrome 70.
Note that this change will not affect site owners who don’t use Symantec portfolio certificates or everyday users who just browse the internet.