I strongly recommend distrusting all symantec CA certs immediately.
https://techcrunch.com/2017/03/27/google-is-fighting-with-symantec-over-encrypting-the-internet/
http://thehackernews.com/2017/03/symantec-ssl-certificates.html
https://www.symantec.com/connect/blogs/symantec-backs-its-ca
https://www.symantec.com/connect/blogs/message-our-ca-customers
>>59650211
B but how???
>>59651029
by using HTTP only
:^)
>>59651029
Symantec Class3 Secure Server CA-G4
in your browser, distrust/delete the certificate with this sha1 checksum: "50 23 38 9C 5F 76 A0 7E F2 54 46 5E 4F 21 96 F8 14 45 B4 1E"
per OP's articles, google is dropping this cert from chromium
Symantec owns a number of rather large CAs which makes distrusting them very difficult. Google is not just straight up cancelling their certs they're gradually phasing out older certs and they're going to make symantec certs expire quicker (eventually under a year) to discourage their use
Is there a GUI or TUI tool for Linux to manage the SSL certificates in the Mozilla CA package?
I need a quick rundown. Why is this important and what can I do to fix it?
>>59655666
Symantec is a certificate authority, basically they're a trusted third party that certifies that a website is authentic. The problem is they've been issuing certificates to websites that were apparently forgeries.
There's not much any of us can do here. The security teams at Google, Microsoft, Apple, and Mozilla will probably get together and decide how to handle this. Google's proposal is probably the best option so they might all adopt that. Google is proposing they gradually phase out Symantec's certifications and limit their certifications to short terms of less than a year to discourage their usage or at least allow current ones to be phased out.