Google has decided to remove Entrust, a certificate authority, from its list of trusted entities due to concerns about its behavior affecting trust in its competence and reliability. As of October 31, 2024, Chrome will no longer automatically trust certificates issued by Entrust, which could impact websites like MoneyGram and the U.S. Department of Energy that use their services. Users can still manually enable trust or go through warning screens when accessing sites with Entrust certificates.
In the world of computing, secure transportation of information has always been a priority. Old protocols like Telnet lacked encryption, exposing data like usernames and passwords. Today’s websites rely on public key encryption, using digital certificates from trusted authorities to validate identities and establish secure connections. Google’s decision to remove Entrust from its trusted list emphasizes the importance of maintaining trust and security online.
Google’s announcement signifies a pattern of behavior by Entrust that did not meet its expectations, leading to a loss of trust. While Entrust will not be immediately ousted, Chrome will no longer automatically trust their certificates issued after October 31, 2024. Sites using Entrust may need to switch providers to maintain user trust and secure connections.
Certificate warnings in browsers indicate potential security risks, as unsecured sites may expose sensitive information transmitted between the server and the browser. Having up-to-date certificates shows a website’s commitment to security, making it crucial for all websites to ensure they are using trusted certificate authorities.
The implications of Google removing Entrust from its trusted list will lead to many large Internet companies seeking new certificate providers, possibly affecting sites like MoneyGram and the U.S. Department of Energy. While Entrust remains on Firefox’s Trusted CAs List, Chrome’s dominant market share gives Google’s decision significant weight in the industry.
Efforts to garner comments from Google, Entrust, and Mozilla are ongoing, with updates pending. The shift in certificate trust highlights the critical role that trusted certificate authorities play in maintaining secure online connections and protecting user data.
Article Source
https://www.androidpolice.com/google-chrome-will-soon-flag-several-websites-for-invalid-certificates/