TEL: +44 (0) 20 7421 8250   EMAIL:

Google to kill Symantec Certificate Authorities

27 February 2018

If you run Symantec-issued Certificate Authorities for your domains you may need to take action if you wish your domains to remain secure when viewed by users using the Google Chrome browser.


Starting with Chrome 66, Chrome will remove trust in Symantec-issued certificates issued prior to June 1, 2016. Chrome 66 is currently scheduled to be released to Chrome Beta users on March 15, 2018 and to Chrome Stable users around April 17, 2018.

If you are a site operator with a certificate issued by a Symantec CA prior to June 1, 2016, then prior to the release of Chrome 66, you will need to replace the existing certificate with a new certificate from any Certificate Authority trusted by Chrome.

Around the week of October 23, 2018, Chrome 70 will be released, which will fully remove trust in Symantec’s old infrastructure and all of the certificates it has issued. This will affect any certificate chaining to Symantec roots, except for the small number issued by the independently-operated and audited subordinate CAs previously disclosed to Google.

What do you need to do?

If you’re running Symantec-issued Certificate Authorities for your domains you will need to update to another Certificate Authority that is trusted by Chrome. We have done this for clients of our CA services.