
Google announces major security change for Chrome: thousands of websites have four months to adapt


In a world where cybercrime is the order of the day, connecting to secure websites is key to avoiding trouble. One of the ways users can achieve this important goal is to manually type the domain we want to visit. The next step is to check that the URL is displayed with the HTTPS prefix and, depending on the browser, with a padlock icon next to it.

Under the hood, this relies on TLS certificates: a kind of digital identity card issued by so-called trusted certificate authorities (CAs). If we try to access a website that has no certificate or has an invalid one, most browsers will alert us and explain the risks of continuing.

Entrust certificates in serious trouble

Google Chrome, the world’s most widely used web browser, will now reject TLS certificates issued by Entrust and AffirmTrust (the latter owned by Entrust since 2016). The Mountain View company says it seeks to protect its users and that the move is a response to a series of incidents involving Entrust that “have eroded confidence in its competence, reliability and integrity as the owner of publicly trusted CAs.”

However, the scope of this measure means it will not go unnoticed. Entrust is a CA with almost three decades of experience and clients such as MasterCard, Dell, the American bank Chase Bank and governments from different parts of the world, according to Forbes. Google says the blocking will not be immediate: affected websites will be given some time to change providers.

Specifically, the measure will go into effect “around November 1, 2024” in Chrome versions 127 and later (we’re currently on Chrome 126) on Windows, macOS, ChromeOS, Android, and Linux. From this date, Entrust and AffirmTrust certificates signed after October 31, 2024, will no longer be trusted by default. The consequence? Websites that still include them will display a warning message.



Of course, no company expects its users to encounter a warning message like the one we can see in the cover image of this article. This is not only a direct risk to the security of users, but also to the reputation of the company. It should be noted, however, that certificates signed by Entrust and AffirmTrust on or before October 31, 2024 will not be affected by this change, and will remain valid.


TLS certificates are not eternal. They have a maximum validity of 13 months. Certificates originally had longer validity periods, but these have been shortened precisely for security reasons: a newer certificate is less vulnerable. As we can see in the screenshots, pages such as mastercard.es and dell.com have certificates that expire on July 11, 2025 and July 24, 2024, respectively.

If we want to know which certificate a website is using in Google Chrome, we simply click the button that appears to the left of the domain name. There we may see “The connection is secure”. In that case, we click on it and then on “The certificate is valid”. If we see “The certificate is not valid”, we click on that message and it will show us the details. In other browsers, the steps are usually similar.


As users, all we can do is stay vigilant to avoid any trouble. If you are a system administrator, you should know that even once these certificates are no longer accepted by default, you can allow them manually. If you are responsible for a website, you will probably want to know which certificates you are using so that, if necessary, you can take measures to keep it working.
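For those responsible for a website, the check described above can be scripted. The following is an added example, not code from Google, Entrust or Xataka: it classifies a certificate against the October 31, 2024 cutoff mentioned in the article. It assumes that the issuer's organization name identifies the CA and that the certificate's notBefore date stands in for the date it was signed; the sample certificates are constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

# Cutoff from the article: certificates signed after October 31, 2024.
CUTOFF = datetime(2024, 10, 31, 23, 59, 59, tzinfo=timezone.utc)
# Assumption: the CA is recognised by a substring of the issuer organization.
AFFECTED_ORGS = ("entrust", "affirmtrust")

def issuer_org(cert):
    """Return organizationName from a getpeercert()-style dict, or ''."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""

def classify(cert):
    """Return 'unaffected', 'still-trusted' or 'distrusted'."""
    org = issuer_org(cert).lower()
    if not any(name in org for name in AFFECTED_ORGS):
        return "unaffected"
    # Assumption: notBefore approximates the signing date.
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    not_before = datetime.fromtimestamp(seconds, tz=timezone.utc)
    return "distrusted" if not_before > CUTOFF else "still-trusted"

def fetch_cert(host, port=443, timeout=5):
    """Fetch the certificate a live server presents (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _sample(org, not_before):
    """Build a constructed certificate dict in getpeercert() format."""
    return {"issuer": ((("countryName", "US"),), (("organizationName", org),)),
            "notBefore": not_before}

# Constructed samples, not real certificates.
SAMPLES = {
    "entrust_before": _sample("Entrust, Inc.", "Jul 11 00:00:00 2024 GMT"),
    "entrust_after": _sample("Entrust, Inc.", "Nov 15 12:00:00 2024 GMT"),
    "affirmtrust_after": _sample("AffirmTrust", "Dec 02 08:30:00 2024 GMT"),
    "other_ca": _sample("Example CA", "Nov 15 12:00:00 2024 GMT"),
}

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(f"{name}: {classify(cert)}")
```

To check a live site, pass the result of `fetch_cert("your-domain.example")` to `classify`.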

Images | Screenshots from Xataka
