Suggestion Time for a new SSL cert (Legacy Symantec cert)

tep

Hi, thanks for SB - my favorite online hangout. Thanks esp for the excellent moderation...

I just noticed that the SSL cert is a "legacy Symantec certificate". I only noticed because I typically run Chrome Canary, which is 1-3 months ahead of the stable release. Canary (Chrome v70) has started throwing errors for the legacy Symantec certificates that are going to be untrusted by mainstream browsers in a few months.


Here's a description of what's going on.
Google Online Security Blog: Distrust of the Symantec PKI: Immediate action needed by site operators

Hopefully this will help you get a head start on a new cert and head off user confusion in about a month or so :)

Cheers!
 
"tep" is spot on. Most browsers will be updated to remove the Symantec root CA certificates over the next couple of months. I, for one, will not be reinstalling any of them.

Pete, if you are not already headed in this direction, I urge you to get a commercial server certificate from someone like DigiCert to replace your current GeoTrust server certificate. Why? The root CA certificate from any trusted Certificate Authority will already be installed in most common browsers, SSL will "just work," and life will go on.

I'll note that everyone will have to reestablish their connections when you change the server certificate, but I expect most people won't even notice (or notice much).
 

Highly recommend Let's Encrypt. Not only is it free, but once you've got it set up it automatically renews certificates so you never need to worry about it.

Since the site looks to be in AWS, Amazon has a certificate manager service that also issues free certificates, though you might need to be on an ELB.
 
