Distrusted certificates in upcomming chrome version

ssl

#1

Hello experts
i saw this alert in my browser console and hope cloudflare will have a seamless migration too :yum:

The certificate used to load uses an SSL certificate that will be distrusted in an upcoming release of Chrome. Once distrusted, users will be prevented from loading this resource.

:scream:

Greetings

:alien:

Chrome Version 62.0.3202.94 (Offizieller Build) (64-Bit) Linux


#2

Cloudflare only uses certificates from Comodo and GlobalSign. Maybe Digicert as well. There might even be the possibility of Let’s Encrypt in the future.

In other words, this doesn’t affect Cloudflare.

*Fine Print: If your origin server uses a Symantec certificate, Cloudflare will probably still allow it, though with Chrome distrusting them, it probably won’t be long before the distrusted certificates just won’t be available anymore and it becomes a non-issue.


#3

Well, I am talking about the Cloudflare shared certificates I am using on several sites of course , so what cause the warning then?


#4

What’s the URL? It is possible that your domain calls an external resource that’s using a Symantec certificate.


#5

Sorry, I made a mistake , the site I was referring to, is hosted at Strato and not using cloudflare :blush:


#6

Maybe Cloudflare will become their own CA(!) but, for those running your own website:

If you run an SSL website with a certificate not provided by Cloudflare (or any SSL website for that matter), make sure your certificate is not affected by the Symantec SSL distrust that Chrome has created. There is a test tool available here: Website Test for Distrusted Symantec Certificates on Chrome


#7

Any word from Cloudflare on how they’ll treat these certificates? If you are using a Symantec cert on the origin will Cloudflare still see this certificate as valid on the 1st March or the 1st September?


#8

If you’re running full, I don’t think it would make a difference. If you are running full strict, the issuing CA needs to be valid.