Google Chrome 將在 2024-10-31 後停止信任 Entrust 和 AffirmTrust 簽發的 TLS 證書。 此項更新將在 Chrome 127 及更高版本中生效。
預設情況下,通過以下 Entrust 根證書(其最早的簽發證書時間戳記(SCT)日期在 2024-10-31 之後)來進行驗證的 TLS 伺服器證書將不受信任。
- CN=Entrust Root Certification Authority – EC1,OU=See www.entrust.net/legal-terms+OU=(c) 2012 Entrust, Inc. – for authorized use only,O=Entrust, Inc.,C=US
- CN=Entrust Root Certification Authority – G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust, Inc. – for authorized use only,O=Entrust, Inc.,C=US
- CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net
- CN=Entrust Root Certification Authority,OU=www.entrust.net/CPS is incorporated by reference+OU=(c) 2006 Entrust, Inc.,O=Entrust, Inc.,C=US
- CN=Entrust Root Certification Authority – G4,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust, Inc. – for authorized use only,O=Entrust, Inc.,C=US
- CN=AffirmTrust Commercial,O=AffirmTrust,C=US
- CN=AffirmTrust Networking,O=AffirmTrust,C=US
- CN=AffirmTrust Premium,O=AffirmTrust,C=US
- CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US
建議網站管理員儘快轉用其他受信任的證書頒發機構,例如 Sectigo、DigiCert、GeoTrust、Thawte、RapidSSL、GlobalSign。 更多詳情可以參看 Google 的文章:https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html
