Essential Chrome Security Updates: Prepare Before the Deadline


Starting this November 1st, Google Chrome will stop trusting websites that use security certificates from a company called Entrust. This is a big deal because Entrust is a very popular company that makes these certificates, and lots of important websites use them – like banks, governments, and even credit card companies!

Here’s the breakdown:

  • Chrome won’t trust Entrust certificates anymore: After November 1st, if you try to visit a website secured with an Entrust certificate, Chrome will basically say “danger zone!” and block you from going there.
  • Entrust certificates are common: The bad news is that a lot of websites use Entrust certificates, including banks, shopping sites, and even government websites.
  • Why is Chrome doing this? Google says Entrust hasn’t been following the rules for making secure certificates, and that could put users at risk.

Google Chrome will Revoke Trust for Entrust Digital Certificates

Google just made a big decision to protect Chrome users! On June 27th, they announced they’re stopping Chrome from trusting security certificates from two companies: Entrust and AffirmTrust (which Entrust bought in 2016).

Here’s why this is a big deal:

  • Security certificates are like online passports: They make sure your connection to a website is encrypted and safe, kind of like a secret tunnel between your computer and the website.
  • Entrust and AffirmTrust are major players: These companies are like the factories that create these security certificates, and lots of websites use them.
  • Google doesn’t trust them anymore: Google says Entrust and AffirmTrust haven’t been following the rules for making safe certificates, which could put users at risk. So, Google is stopping Chrome from trusting their certificates anymore.

This is a big deal because it means many websites will need to switch to different security certificates by November 1st to avoid being blocked by Chrome. The good news is this makes Chrome safer, but the bad news is some websites might be scrambling to make a change.

Why did Google lose trust? Google has a policy that a certificate authority trusted by Chrome must make browsing safer by more than the risk of continuing to trust it. Google says Entrust’s response to past security problems hasn’t been good enough, and this makes Google question whether Entrust can be relied on.

How has Entrust Digital Responded to this?

In a June 21 post to the Certification Authority Browser Forum, Entrust’s president of digital security solutions, Bhagwat Swaroop, said some recent incidents were not properly reported to the CA/B forum. He admitted their decision not to revoke the affected certificates was wrong. Swaroop clarified that none of the lapses were malicious or intentional. He explained that as a global CA, Entrust must balance the needs of root programs and subscribers, especially for critical infrastructure. Sometimes, they didn’t get this balance right. Swaroop promised that Entrust will make lasting organizational and cultural changes to regain the trust of the root programs and the community.

Entrust, a longstanding member of the industry’s governing body (CA/Browser Forum), expressed disappointment with the decision. The company maintains its commitment to the TLS certificate business and is working on solutions to ensure continued service for its customers.

It appears that this commitment has come too late as far as Google is concerned. An Entrust spokesperson told The Stack that “The decision by the Chrome Root Program comes as a disappointment to us as a long-term member of the CA/B Forum community. We are committed to the public TLS certificate business and are working on plans to provide continuity to our customers.”

How will the Move Affect Users of Google Chrome Browser?

While existing Entrust and AffirmTrust certificates issued before November 1, 2024 will remain valid until their expiration date, there’s a critical change for users of Chrome version 127 and later (released in November 2024) on various platforms (Android, ChromeOS, Linux, macOS, and Windows). These newer Chrome versions will no longer trust these certificates, effectively blocking connections to websites using them.

This means Chrome users encountering a website with a blocked certificate will see a warning message indicating a “connection not private.” The browser will warn that the site could be impersonating a legitimate one to steal personal or financial information.

In essence, websites with Entrust or AffirmTrust certificates issued before November 1, 2024, need to migrate to a different certificate authority to ensure a smooth user experience on Chrome browsers after November.

Google Urges Users to Transition from Entrust and AffirmTrust Certificates:

While existing Entrust and AffirmTrust certificates issued before November 1, 2024, will technically remain valid until their expiration date, Google strongly recommends website operators transition to a different Certificate Authority (CA) as soon as possible.

There’s a potential workaround: installing a new Entrust TLS certificate before the November 1 deadline might temporarily delay the blocking by Chrome. However, Google warns that this is just a stopgap measure. Ultimately, all websites with Entrust or AffirmTrust certificates issued before the deadline will need to migrate to a different CA to ensure continued user trust and avoid disruptions on Chrome browsers after November.

In short, don’t wait until the last minute. Transitioning to a trusted CA now will prevent website functionality issues for Chrome users come November.
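
For operators taking inventory of affected sites, the check below is an added example (not from Google or Entrust, and not part of the original article). It classifies a certificate, in the dictionary form Python's `ssl.SSLSocket.getpeercert()` returns, by the rule described above; matching the CA by issuer name, using `notBefore` as the issuance date, and the constructed sample certificates are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

# Cut-off taken from the article: certificates issued before November 1, 2024.
CUTOFF = datetime(2024, 11, 1, tzinfo=timezone.utc)
# Assumption: the affected CAs are recognised by name in the issuer fields.
AFFECTED = ("entrust", "affirmtrust")

def _when(text):
    """Convert a getpeercert() time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), timezone.utc)

def classify(cert, now=None):
    """Return not-affected, expired, blocked or valid-until-expiry."""
    now = now or datetime.now(timezone.utc)
    names = [v.lower() for rdn in cert.get("issuer", ()) for _k, v in rdn]
    if not any(ca in name for name in names for ca in AFFECTED):
        return "not-affected"
    if _when(cert["notAfter"]) <= now:
        return "expired"
    # Assumption: notBefore stands in for the issuance date the article uses.
    if _when(cert["notBefore"]) >= CUTOFF:
        return "blocked"
    return "valid-until-expiry"

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live server's leaf certificate (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def sample(org, cn, not_before, not_after):
    """Build a constructed certificate dict in getpeercert() shape."""
    issuer = ((("organizationName", org),), (("commonName", cn),))
    return {"issuer": issuer, "notBefore": not_before, "notAfter": not_after}

# Constructed samples, not real certificates.
OLD = sample("Entrust, Inc.", "Entrust Sample Issuing CA",
             "Jun 15 00:00:00 2024 GMT", "Jun 15 00:00:00 2025 GMT")
NEW = sample("Entrust, Inc.", "Entrust Sample Issuing CA",
             "Nov 15 00:00:00 2024 GMT", "Nov 15 00:00:00 2025 GMT")
OTHER = sample("Example Trust Services", "Example TLS CA 1",
               "Nov 15 00:00:00 2024 GMT", "Nov 15 00:00:00 2025 GMT")

if __name__ == "__main__":
    at = datetime(2024, 12, 1, tzinfo=timezone.utc)
    for label, cert in (("old", OLD), ("new", NEW), ("other", OTHER)):
        print(label, classify(cert, now=at))
```

`fetch_cert` validates against the local trust store, which is separate from Chrome's, so a successful fetch says nothing about Chrome's decision; pass its result to `classify` for that.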

Conclusion

Starting November 1st, Chrome will block websites using security certificates from Entrust, a major provider. This is because Google deems Entrust’s practices risky. While existing Entrust certificates technically remain valid, a switch to a trusted CA is crucial to avoid website disruptions for Chrome users. Website owners should migrate now to ensure a smooth user experience come November. This move enhances Chrome security but may require some websites to scramble for a solution.
