Google has announced the removal of Entrust root CA from the Chrome database by the end of October this year, starting from Chrome 127, following multiple operational issues faced by Entrust. The problems with Entrust have been ongoing since 2022, such as delayed responses to certificate revocation requests, misprinted certificates, issuance of certificates with incorrect fields, or even delayed system audit reports.
A total of 9 Entrust root CA certificates will be removed, and Chrome will no longer accept any certificates certified by these roots, with Signed Certificate Timestamp (SCT) validity after October 31, 2024. Entrust issues certificates for approximately 0.1% of all websites, a significant number, indicating a high impact on affected websites, who should consider migrating to alternate CAs.
Organizations using Entrust certificates internally and unable to quickly transition should manually add these root CAs. Source: Google Security Blog.
TLDR: Google will remove Entrust root CA from Chrome by end of October due to multiple operational issues. Affected websites must migrate to other CAs or manually add Entrust root CAs.
Leave a Comment