Google has announced that starting October 31, 2024, Chrome (version 127 and above) will no longer trust TLS certificates issued by Entrust and AffirmTrust.
Any TLS server authentication certificates linked to the following root authorities, with Signed Certificate Timestamps (SCTs) dated after October 31, 2024, will be rejected by default in Chrome:
- Entrust Root Certification Authority – EC1
- Entrust Root Certification Authority – G2
- Entrust.net Certification Authority (2048)
- Entrust Root Certification Authority (2006)
- Entrust Root Certification Authority – G4
- AffirmTrust Commercial
- AffirmTrust Networking
- AffirmTrust Premium
- AffirmTrust Premium ECC
What this means for website owners
If your website relies on TLS certificates from Entrust or AffirmTrust, your visitors may begin seeing security warnings in Chrome after the cutoff date. To avoid service disruption, it is strongly recommended to migrate to certificates from other trusted providers, such as DigiCert, Sectigo, GeoTrust, Thawte, RapidSSL, or GlobalSign.
For further details, you may refer to the official Google Security Blog announcement:
🔗 Google Security Blog