Google Chrome will no longer rely on Entrust certificates

As of 31 October 2024 November 11, 2024 (updated, extended deadline to allow Entrust time to switch their CA over to ssl.com) public TLS certificates issued by Entrust with a Signed Certificate Timestamp (SCT) after that date will no longer be approved by Google Chrome (see more here).In order for a certificate authority (CA) to be trusted by a browser, it must meet specific requirements defined by the CA/Browser Forum. To ensure a constant and continuous trust, browsers receive regular audit reports on the operation and compliance of CAs. Transparency is a key factor, and CAs are expected to work with browsers to resolve and prevent issues.Recently, several root programs have expressed a lack of confidence in Entrust's TLS certificate issuance practices, and that they do not improve when they make mistakes. As a result, Google has decided to remove trust in Entrust in the Chrome browser.

What does this mean for Entrust certificates?

Public SSL/TLS certificates issued by Entrust with an SCT after October 31, 2024 will no longer be valid in Google Chrome. These certificates will be considered unsafe. However, TLS certificates with an SCT dated before this date will continue to be valid for their duration.Entrust has made a deal with ssl.com in order to be able to continue selling their rather expensive premium SSL products for the industry, they continue to sell them at premium price under their own name, although in reality they are just ssl.com (which sells much cheaper certificates) certificates, which are being rebranded to Entrust. This makes it easy for customers to move on, even if they could easily switch to another supplier at a much lower price, who takes security more seriously.There is a risk that ssl.com will be squeezed both by the volume of certificates from Entrust, but also by the way they have done business in the past, which may infect ssl.com as they take over most of the employees in the certificate business.This will therefore be important if you use Entrust certificates. to switch to another CA as soon as possible.

Switch from Entrust to FairSSL and get 50% off!

At FairSSL, we offer a 50% discount for customers who want to move from a commercial CA that we do not partner with (We have products from the largest CAs DigiCert, GlobalSign, Sectigo, AlphaSSL, RapidSSL, GeoTrust, Thawte). Our goal is to ensure a smooth transition where, among other things, we can automatically find all certificates on a domain regardless of the issuer, support automatic issuance and automatic DNS validation, pre-validated accounts and much more.Contact us for moving Entrust certificates with +30 days and 50% discount!Or order directly in our login with a RapidSSL, GeoTrust, Thawte or DigiCert SSL certificate from our login, with the order type competitor upgrade and the text”ENTRUST 50% DISCOUNT“in the topic, then we reduce the price by 50% when invoicing and give an extra month on the certificate.