Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      World Bank set to back South Africa’s big energy grid roll-out

      20 June 2025

      The algorithm will sing now: why musicians should be worried about AI

      20 June 2025

      Sita hits back at critics, promises faster, automated procurement

      20 June 2025

      The transatlantic race to create the first television

      20 June 2025

      Listed: All the MVNOs in South Africa – 2025 edition

      19 June 2025
    • World

      Watch | Starship rocket explodes in setback to Musk’s Mars mission

      19 June 2025

      Trump Mobile dials into politics, profit and patriarchy

      17 June 2025

      Samsung plots health data hub to link users and doctors in real time

      17 June 2025

      Beijing’s chip champions blacklisted by Taiwan

      16 June 2025

      China is behind in AI chips – but for how much longer?

      13 June 2025
    • In-depth

      Meta bets $72-billion on AI – and investors love it

      17 June 2025

      MultiChoice may unbundle SuperSport from DStv

      12 June 2025

      Grok promised bias-free chat. Then came the edits

      2 June 2025

      Digital fortress: We go inside JB5, Teraco’s giant new AI-ready data centre

      30 May 2025

      Sam Altman and Jony Ive’s big bet to out-Apple Apple

      22 May 2025
    • TCS

      TCS+ | AfriGIS’s Helen Hulett on how tech can help resolve South Africa’s water crisis

      18 June 2025

      TechCentral Nexus S0E2: South Africa’s digital battlefield

      16 June 2025

      TechCentral Nexus S0E1: Starlink, BEE and a new leader at Vodacom

      8 June 2025

      TCS+ | The future of mobile money, with MTN’s Kagiso Mothibi

      6 June 2025

      TCS+ | AI is more than hype: Workday execs unpack real human impact

      4 June 2025
    • Opinion

      South Africa pioneered drone laws a decade ago – now it must catch up

      17 June 2025

      AI and the future of ICT distribution

      16 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025

      Beyond the box: why IT distribution depends on real partnerships

      2 June 2025

      South Africa’s next crisis? Being offline in an AI-driven world

      2 June 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Information security » Urgent action required: Google to end trust in Entrust certificates

    Urgent action required: Google to end trust in Entrust certificates

    Promoted | Google has announced that it will start blocking websites that use certificates from Entrust in its Chrome browser.
    By CYBER1 Solutions10 July 2024
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Urgent action required: Google to end trust in Entrust certificatesGoogle has announced that it will start blocking websites that use certificates from Entrust in its Chrome browser beginning 1 November 2024.

    This decision affects Chrome versions across macOS, Windows, ChromeOS, Linux and Android platforms. However, Chrome for iPadOS and iOS will remain unaffected due to Apple’s policies, which do not permit the use of the Chrome Root Store.

    The primary reasons for this move are compliance issues and Entrust’s inability to address security problems promptly. Google has emphasised the importance of maintaining compliance and ensuring the reliability of trusted certificates to protect the integrity of the internet ecosystem.

    A loss of confidence

    Entrust’s failure to meet these critical standards has led to a loss of confidence in its competence, reliability and integrity as a publicly trusted certificate authority. The Google Chrome security team said that over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviour by Entrust that falls short of the above expectations and have eroded confidence in their competence, reliability and integrity as a publicly trusted certificate authority owner.

    As a result, Google will no longer trust TLS server authentication certificates issued by Entrust, starting with Chrome browser versions 127 and higher by default. Although Chrome users and enterprise customers have the option to override these settings, it is strongly advised to transition to a publicly trusted certificate authority to avoid security risks and potential disruptions.

    After the deadline, when users attempt to navigate to a site using an Entrust or AffirmTrust certificate, they will encounter an interstitial message warning that their connection is not secure and private. This move underscores the importance of using trusted certificates to ensure a safe browsing experience for users.

    Switch to a trusted CA

    Website operators affected by this decision are encouraged to switch to a different publicly trusted certificate authority before 31 October 2024 to minimise disruption. Google advises that while website operators could delay the impact of the blocking action by choosing to collect and install a new TLS certificate issued from Entrust before Chrome’s blocking action begins on 1 November 2024, they will inevitably need to collect and install a new TLS certificate from one of the many other CAs included in the Chrome Root Store.

    For companies currently using Entrust certificates, Google’s decision has significant implications, says Rob Brown, group president and executive director of CYBER1. “I strongly encourage anyone using Entrust certificates to audit their environment as a matter of urgency to assess the impact this might have on their business before it’s too late.”

    He says certificate authorities (CAs) play a crucial role in issuing SSL/TLS certificates that verify the legitimacy of websites. “These certificates facilitate encrypted communications between users and websites, ensuring the integrity and security of data. In addition, the responsibility that CA’s carry is huge, and any mistakes on their part can result in catastrophic consequences.”

    Immediate actions are needed

    Brown says this is why immediate actions are needed to mitigate the impact. “Companies should audit all their current Entrust certificates and plan to replace them with certificates from a trusted CA. The impact on website accessibility is also a major concern. Visitors to websites using Entrust certificates will encounter interstitial warnings in Chrome, indicating that the connection is neither secure nor private. This can deter users and negatively impact the user experience. Furthermore, the presence of these security warnings can harm the trust and reputation of companies, as users may perceive their sites as unsafe.”

    Brown says compliance and security concerns are paramount, and maintaining compliance with industry standards and browser requirements is crucial. “Failure to do so can result in security vulnerabilities and a loss of user trust. Using trusted certificates from reputable CAs ensures that data exchanged between users and websites is secure, protecting against potential cyberthreats.”

    Operationally, Brown says IT teams will need to update server configurations to integrate new certificates, which may involve significant planning and testing to ensure a smooth transition. Companies should also communicate with stakeholders, including customers and partners, about the upcoming changes and reassure them of ongoing security and compliance measures.

    Committed to improvement

    In a statement, Entrust said it recognises what led it to this point and is committed to improvement.

    It says the recent errors resulted from a misinterpretation of CA/Browser Forum compliance requirements and attempts to resolve this led to further non-security-related mis-issuances. In aiming to provide additional flexibility by extending and delaying revocations, Entrust did not align with the CA/Browser Forum’s five-day revocation requirement for mis-issuances.

    This scrutiny, says Entrust, brought to light past commitments that, if fully implemented, could have prevented these incidents. The company acknowledges the need for improvement and has thoroughly assessed its CA operations in recent months.

    CYBER1’s Rob Brown

    Following this assessment, Entrust claims to have made organisational, process and policy changes. For instance, it integrated the CA product compliance team into its global compliance and operations teams for enhanced capabilities. Entrust established a cross-functional change control board and a technical change review board to prevent similar issues. The company says it is accelerating R&D for TLS certificate compliance and automation, improving the tracking of public commitments, and revising its incident response practices.

    Entrust says it remains dedicated to serving as a public CA and will promptly address open issues and promised improvements.

    In conclusion, Brown says that by prioritising compliance and trusted certificates, Google aims to enhance the overall security and reliability of the Internet, protecting users and maintaining the integrity of online communications.

    Should any organisations require any assistance in better understanding the impact then they are welcome to contact CYBER1 for assistance in this matter.

    About CYBER1 Solutions
    CYBER1 Solutions is a cybersecurity specialist operating in Southern Africa, East and West Africa, Dubai, and elsewhere in the Europe, Middle East and Africa region. Our solutions deliver information security; IT risk management; fraud detection; governance and compliance; and a full range of managed services. We also provide bespoke security services across the spectrum, with a portfolio that ranges from the formulation of our customers’ security strategies to the daily operation of endpoint security solutions. To do this, we partner with world-leading security vendors to deliver cutting-edge technologies augmented by our wide range of professional services. Our services allow organisations in every sector to prevent attacks by providing the visibility into vulnerabilities they need to rapidly detect compromises, respond to breaches and stop attacks before they become an issue. For more, visit c1-s.com/middle-east-europe.

    • Read more articles by CYBER1 Solutions on TechCentral
    • This promoted content was supplied by and paid for by the party concerned


    CYBER1 CYBER1 Solutions Rob Brown
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleCape Town’s The Paradigm: a world far from the ordinary
    Next Article US disrupts Russian social media influence operation

    Related Posts

    SAPS cannot fight cybercrime on its own

    12 March 2025

    TCS+ | CYBER1 Solutions on choosing a managed security service provider

    15 October 2024

    SA security experts name identity as first line of defence against online threats

    13 August 2024
    Add A Comment

    Comments are closed.

    Company News

    Making IT happen: how Trade Link gears up to enable SA retail strategies

    20 June 2025

    Why parents choose CambriLearn for online education

    19 June 2025

    Disrupt first, ask questions later – the uncomfortable truth about incident response

    18 June 2025
    Opinion

    South Africa pioneered drone laws a decade ago – now it must catch up

    17 June 2025

    AI and the future of ICT distribution

    16 June 2025

    Singapore soared – why can’t we? Lessons South Africa refuses to learn

    13 June 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.