6 Replies Latest reply on Dec 22, 2017 7:14 AM by Sarah O'Meara

    SSL certificates used by Jive will soon be distrusted by Google Chrome

    Jeff Shurtliff Advanced

      When loading nay of our Jive Cloud communities we are seeing the following warning in the Console in Google Chrome:

      The SSL certificate used to load resources from <community_url> will be distrusted in M70. Once distrusted, users will be prevented from loading these resources. See https://g.co/chrome/symantecpkicerts for more information.




      I see the same thing on the AuraWorks community as well.  (see below)



      The Google Online Security Blog cited below states the following:

      If you are a site operator with a certificate issued by a Symantec CA prior to June 1, 2016, then prior to the release of Chrome 66, you will need to replace the existing certificate with a new certificate from any Certificate Authority trusted by Chrome.


      Additionally, by December 1, 2017, Symantec will transition issuance and operation of publicly-trusted certificates to DigiCert infrastructure, and certificates issued from the old Symantec infrastructure after this date will not be trusted in Chrome.


      Around the week of October 23, 2018, Chrome 70 will be released, which will fully remove trust in Symantec’s old infrastructure and all of the certificates it has issued. This will affect any certificate chaining to Symantec roots, except for the small number issued by the independently-operated and audited subordinate CAs previously disclosed to Google.


      Site operators that need to obtain certificates from Symantec’s existing root and intermediate certificates may do so from the old infrastructure until December 1, 2017, although these certificates will need to be replaced again prior to Chrome 70. Additionally, certificates issued from Symantec’s infrastructure will have their validity limited to 13 months. Alternatively, site operators may obtain replacement certificates from any other Certificate Authority currently trusted by Chrome, which are unaffected by this distrust or validity period limit.



      Is Jive already taking action to mitigate this and when can we expect the certificates to get updated?




      For more information about this: