Google Chrome will stop trusting TLS Certificates issued by Entrust and AffirmTrust after October 31, 2024. This change will be effective in Chrome 127 and higher.
TLS server authentication certificates validating to the following Entrust roots whose earliest Signed Certificate Timestamp (SCT) is dated after October 31, 2024, will no longer be trusted by default.
- CN=Entrust Root Certification Authority – EC1,OU=See www.entrust.net/legal-terms+OU=(c) 2012 Entrust, Inc. – for authorized use only,O=Entrust, Inc.,C=US
- CN=Entrust Root Certification Authority – G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust, Inc. – for authorized use only,O=Entrust, Inc.,C=US
- CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net
- CN=Entrust Root Certification Authority,OU=www.entrust.net/CPS is incorporated by reference+OU=(c) 2006 Entrust, Inc.,O=Entrust, Inc.,C=US
- CN=Entrust Root Certification Authority – G4,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust, Inc. – for authorized use only,O=Entrust, Inc.,C=US
- CN=AffirmTrust Commercial,O=AffirmTrust,C=US
- CN=AffirmTrust Networking,O=AffirmTrust,C=US
- CN=AffirmTrust Premium,O=AffirmTrust,C=US
- CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US
Website operators are advised to switch to trusted certificate authority such as Sectigo, DigiCert, GeoTrust, Thawte, RapidSSL & GlobalSign. For more details, please refer to the Google announcement article at https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html.
