Tip of the Day: Replace Symantec SSL Certs with Comodo Certs for Free

If you've been keeping up with tech news over the past few weeks, you've probably already heard about the ongoing Google / Symantec battle over the mis-issuance of SSL certs. If not, the distilled version is this: Google's Chrome web browser is losing trust in SSL certs from Symantec and its issuers. However, if you own a site secured by a Symantec cert, don't throw a fit of panic just yet.

If you're already familiar with the situation, and just want to know how you can get replacement certs free of charge, scroll on down to the bottom of the post.

This post is about a free SSL replacement offer from Namecheap. In the interests of openness, I should mention that I am a Namecheap affiliate, but none of the links on this page contain affiliate codes.

It's true that Symantec SSL certs secure a huge number of websites (approximately 30% of all valid certificates by Jan of 2015), and if Chrome stopped supporting these overnight, a similar number of the web's secure sites would become largely inaccessible to all Chrome users--but this is not what's happening.

The only change coming into effect immediately is that Chrome will stop recognising Extended Validation certificates from Symantec, and will downgrade these to Domain Validated certificates. Extended Validation certificates are issued to purchasers who have gone through extra, stringent steps to verify they are who they claim to be, whereas Domain Validated certificates are issued to purchasers who simply prove they own the domain name they are purchasing the certificate for. The Chrome team have indicated that this loss of trust for EV certs issued by Symantec will remain in effect for no less than 1 year.

Longer-term, Chrome is going to start decreasing the amount of time (from date of issuance) over which is considers Symantec certs valid (to minimise the amount of damage bad certificates may cause--emphases on may). This decrease will be introduced gradually, but will eventually result in newly-issued Symantec certs only being trusted for a period of 9 months. Additionally, Chrome will incrementally begin to distrust currently valid Symantec certificates, meaning these will need to be reissued. You can check out the timeline for all of these actions here.

If you currently own a Symantec-issued SSL cert, it will continue to work for the time being (with the caveat that Extended Validation status will be removed, and it may stop working before your cert's expiration date). In Chrome!

Symantec-issued certs are probably better recognised under the following brand names:

You can read more about the situation on the following pages:

Namecheap to the Rescue!

In the meantime, domain registrar Namecheap.com have an offer for owners of Symantec SSL certs (for both new and existing customers). In a nutshell, if you currently own a valid Symantec SSL cert (single domain, multi-domain, DV or EV) and want to swap it out for something new, Namecheap will issue you a replacement Comodo SSL cert for the duration of your Symantec cert's life--free of charge!

You can learn more about Namecheap's offer here.