Google to Block Entrust Certificates in Chrome
July 12, 2024
Topics
- certificates
- Chrome
July 12, 2024
Topics
Recently, Google officially announced that it will be blocking websites on the Google Chrome browser that own Entrust certifications on November 1st, 2024. Google has stated that this mass blocking of Entrust-certified websites is due to Entrust’s lack of congruency and repeated failures to handle security matters efficiently. Google also claims there have been too many internal failures causing irreparable damage to their relationship with Entrust
Entrust is a company that specializes in digital security solutions. Entrust provides its clients and users with Identity and Access Management (IAM), Public Key Infrastructure (PKI), authentication, and secure digital transactions services. This wide range of services helped Entrust become one of the most globally widely known and trusted software security companies. Entrust’s well-known reputation makes Google’s decision to block all websites certified by Entrust very shocking.
The Google Chrome security team from the years 2018-2024 has kept a record of Entrust’s work and over the years they have noticed a consistent pattern of unfulfilled duties such as mismanagement, delays, and empty promises. The head of Google Chrome’s security team has stated that for the last 6 years, Entrust has repeatedly failed to take action in timely responding to publicly disclosed reports that Google posted. Entrust has also been criticized for the company’s delays in revoking compromised online certificates which all Certificate Authorities(CAs) must report to their clients and cancel immediately. Entrust has also not been fully honest with Google sending the company not only late reports but reports lacking in crucial detail and with proof of Entrust’s work. The Google Chrome security team addressed these concerning patterns with Entrust yet they still observed the same behavior noticing no evidence of progress or positive change by Entrust.
The head of Google Chrome's security team also stated that Entrust hasn’t successfully improved in commitments to better security service than the company has stated it would as the constant delays and lack of honesty from Entrust about their work continued. Entrust hasn’t kept up with Google’s policies and expectations which has resulted in Google’s termination of their services across its platform. Overall, Google’s choice to sever ties with Entrust seems to be valid after Google has given Entrust 6 years to improve in these essential areas which a top and well-known Certificate Authority Company should naturally excel in. Google is a large platform with billions of users making the protection of their user’s data to be imperative and Entrust’s failure to successfully do so resulted in this outcome.
Come November 1st, 2024 if a website is using an Entrust certificate, it will face major issues on the client-side. This could lead to a loss in reputation which could be disastrous for some companies. The best protection method for website operators and owners is moving to a new Certificate Authority (CA) owner to avoid serious website issues and crashes before November 1st, 2024. Other well-known and well-trusted Certificate Authority (CA) owners such as Cisco, SecureAuth, and Okta make great alternatives to Entrust.
Entrust states that its solutions are used by Microsoft, Mastercard, VISA, VMware, and more. This statement from Entrust isn’t enough for Google and they have taken action to terminate all connections with Entrust. All Entrust-certified web owners should tread carefully in the future and make what they believe to be the best decisions for their websites.