Published on October 10th, 2018
Quite a few major websites (as well as a large number of not so major ones) will be rendered unusable in the next version of Google Chrome, set to be released on October 16, when Google deprecates its trust for security certificates issued by Symantec.
This is big news when it comes to marketing and SEO, but unfortunately many marketers have not been focused on this upcoming change and what it means to them and their businesses - and this lack of attention will have dire consequences for those who are affected.
What is happening with the Chrome 70 update?
When I talk with other marketers about search engine optimization, it seems like the vast majority are focused on keywords and where they rank in the search engine results pages (SERPs).
What’s often overlooked is the technical side of SEO -- something that can have a major impact on your business...in many cases, for minimal effort!
Unfortunately for companies like Pantone, Citrus, and the Federal Bank of India, this lack of attention to their technical SEO will have negative effects when the newest version of Google’s Chrome is released on October 16th and visitors to their websites get an error message instead of the page they are trying to visit.
Most sites that are well maintained and SEO optimized have, by now, obtained an SSL certificate. Having this is what gives your site "https" at the beginning of your URL rather than "http" and is a strong indicator to search engines that your site is secure.
Symentec and its affiliated companies is one provider of SSL certificates, however because Google discovered in early 2017 that Symantec was allowing some organizations to issue certificates without the proper oversight, it has since deemed all certificates issued by Symantec before June of 2016 to be untrustworthy.
Google began issuing notifications about this in January of 2017 and now, on October 16, it will no longer recognize those SSLs and will instead show an error message when someone visits a site with a Symantec-issued SSL.
Will you be affected?
Even if you have paid for your HTTPS certificate, if it came through Symantec’s PKI business, which operates a series of Certificate Authorities (CAs) under various brand names, including Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL, you may be in trouble when Chrome 70 is released.
This update will affect any certificate issued by a Symantec CA prior to June 2016, except for the small number issues by the independently-operated and audited subordinate CAs previously disclosed to Google.
You can learn more about the specific details and timeline from Google here.
The big takeaway - do you research and find out where your SSL certificate came from. If it was issued by a Semantec CA, you'll need to immediately acquire a new certificate so that your site is not affected on October 16.
Why does this even matter?
HTTPS prevents anyone from intercepting your data by encrypting the data between your computer and the website or app you are using –– even if you’re on a public Wi-Fi. It also shows the integrity and safety of the site by proving that no pages have been modified by an attacker.
By Chrome 70 removing trust for these sites, it will be immediately clear to your visitors that you have not taken the expected precautions with their security by showing a bright red line through your URL in the browser and the text “Not Secure.”
Basically there’s no hiding from this.
What can you do to prepare?
It’s pretty simple to check your site and anyone else’s site that is on the path to being distrusted by Chrome 70 by pulling up the console in Chrome.
If you find the warning message from Chrome, you have until October 16th to get squared away with a new SSL certificate.
Many of our clients (and us) use HubSpot’s SSL service to manage the majority of the SSL process. If you’re looking for a different service for your HTTPS certificate, Let’s Encrypt is a free, automated, and open certificate authority that has issued more than 380 million certificates.