{"id":203102,"date":"2018-04-08T09:53:24","date_gmt":"2018-04-08T07:53:24","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=203102"},"modified":"2018-04-08T09:53:24","modified_gmt":"2018-04-08T07:53:24","slug":"site-betreiber-mit-symantec-zertifikaten-mssen-handeln","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2018\/04\/08\/site-betreiber-mit-symantec-zertifikaten-mssen-handeln\/","title":{"rendered":"Site-Betreiber mit Symantec-Zertifikaten m&uuml;ssen handeln"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Chrome.jpg\"\/>Betreiber von Webseiten, die diese, f\u00fcr die <em>https-<\/em>\u00dcbertragung (TLS) mit Zertifikaten abgesichert haben und immer noch auf Symantec setzen, sollten schnellstm\u00f6glich handeln.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/ssl-vg03.met.vgwort.de\/na\/614a99581baf4081aba949dff7f2ee8f\" width=\"1\" height=\"1\"\/>Ich hatte es bisher nicht im Blog thematisiert: Google hat Symantec wegen fehlerhaft ausgestellter Zertifikate gesperrt. Auf dem Google Webmaster-Blog findet sich <a href=\"https:\/\/webmasters.googleblog.com\/2018\/04\/distrust-of-symantec-pki-immediate.html?utm_source=feedburner&amp;utm_medium=email&amp;utm_campaign=Feed%3A+blogspot%2FamDG+(Official+Google+Webmaster+Central+Blog\" target=\"_blank\">dieser Beitrag<\/a> vom 4. April 2018, in dem Google nochmals auf den Sachverhalt hinweist. In <a href=\"https:\/\/security.googleblog.com\/2017\/09\/chromes-plan-to-distrust-symantec.html\" target=\"_blank\">diesem Beitrag<\/a> hatte Google im September 2017 darauf hingewiesen, dass das Vertrauen in Symantec-Zertifikate binnen 13 Monaten entzogen werde. Das Ganze erfolgt stufenweise \u2013 die folgende Tabelle nennt Daten.<\/p>\n<table style=\"border-top-style: none; border-collapse: collapse; border-bottom-style: none; border-right-style: none; border-left-style: none\">\n<colgroup>\n<col width=\"158\"\/>\n<col width=\"466\"\/><\/colgroup>\n<tbody>\n<tr style=\"height: 0pt\">\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt; background-color: #cfe2f3\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 700; color: black; font-style: normal; background-color: transparent\">Date<\/span><\/div>\n<\/td>\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt; background-color: #cfe2f3\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 700; color: black; font-style: normal; background-color: transparent\">Event<\/span><\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 0pt\">\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">Now<\/span><\/div>\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">through <\/span><\/div>\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">~March 15, 2018<\/span><\/div>\n<\/td>\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">Site Operators using Symantec-issued TLS server certificates issued before June 1, 2016 should replace these certificates. These certificates can be replaced by any currently trusted CA.<\/span><\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 0pt\">\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">~October 24, 2017<\/span><\/div>\n<\/td>\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">Chrome 62 released to Stable, which will add alerting in DevTools when evaluating certificates that will be affected by the Chrome 66 distrust.<\/span><\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 0pt\">\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">December 1, 2017<\/span><\/div>\n<\/td>\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">According to Symantec, DigiCert's new \"Managed Partner Infrastructure\" will at this point be capable of full issuance. Any certificates issued by Symantec's old infrastructure after this point will cease working in a future Chrome update.<\/span><\/div>\n<div>&nbsp;<\/div>\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">From this date forward, Site Operators can obtain TLS server certificates from the new Managed Partner Infrastructure that will continue to be trusted after Chrome 70 (~October 23, 2018). <\/span><\/div>\n<div>&nbsp;<\/div>\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">December 1, 2017 does not mandate any certificate changes, but represents an opportunity for site operators to obtain TLS server certificates that will not be affected by Chrome 70's distrust of the old infrastructure.<\/span><\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 0pt\">\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">~March 15, 2018<\/span><\/div>\n<\/td>\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">Chrome 66 released to beta, which will remove trust in Symantec-issued certificates with a not-before date prior to June 1, 2016. As of this date Site Operators must be using either a Symantec-issued TLS server certificate issued on or after June 1, 2016 or a currently valid certificate issued from any other trusted CA as of Chrome 66.<\/span><\/div>\n<div>&nbsp;<\/div>\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">Site Operators that obtained a certificate from Symantec's old infrastructure after June 1, 2016 are unaffected by Chrome 66 but will need to obtain a new certificate by the Chrome 70 dates described below.<\/span><\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 0pt\">\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">~April 17, 2018<\/span><\/div>\n<\/td>\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">Chrome 66 released to Stable.<\/span><\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 0pt\">\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">~September 13, 2018<\/span><\/div>\n<\/td>\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">Chrome 70 released to Beta, which will remove trust in the old Symantec-rooted Infrastructure. This will not affect any certificate chaining to the new Managed Partner Infrastructure, which Symantec has said will be operational by December 1, 2017.<\/span><\/div>\n<div>&nbsp;<\/div>\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">Only TLS server certificates issued by Symantec's old infrastructure will be affected by this distrust regardless of issuance date.<\/span><\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 0pt\">\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">~October 23, 2018<\/span><\/div>\n<\/td>\n<td style=\"border-top: #f3f3f3 1pt solid; border-right: #f3f3f3 1pt solid; vertical-align: top; border-bottom: #f3f3f3 1pt solid; padding-bottom: 5pt; padding-top: 5pt; padding-left: 5pt; border-left: #f3f3f3 1pt solid; padding-right: 5pt\">\n<div style=\"margin-bottom: 0pt; margin-top: 0pt; line-height: 1.2\" dir=\"ltr\"><span style=\"font-size: 11pt; text-decoration: none; font-family: &quot;arial&quot;; font-variant: normal; vertical-align: baseline; white-space: pre-wrap; font-weight: 400; color: black; font-style: normal; background-color: transparent\">Chrome 70 released to Stable.<\/span><\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Am 17. April 2018 wird der Google Chrome Browser Version 66 freigegeben. Webseiten die ein vor dem 1. Juni 2016 ausgestelltes SSL\/TLS-Zertifikat von Symantec verwenden, werden im Chrome 66 nicht mehr angezeigt. <\/p>\n<p><img decoding=\"async\" title=\"SSL\/TLS-Zertifikatswarnung (Chrome)\" alt=\"SSL\/TLS-Zertifikatswarnung (Chrome)\" src=\"https:\/\/i.imgur.com\/0C69Vh6.jpg\"\/><\/p>\n<p>Der Google Chrome gibt dann eine SSL\/TLS-Zertifikatswarnung mit dem Hinweis auf die Zertifikatssperre aus. Ab dem Google Chrome 70 (erste Builds ab Juli 2018, Final ab Oktober 2018) werden dann \u00fcberhaupt keine Zertifikate mehr von Symantec akzeptiert. <\/p>\n<p>Die Symantec-Zertifizierungsstelle hat Zertifikate f\u00fcr eine Reihe von Marken wie Thawte, VeriSign, Equifax, GeoTrust und RapidSSL ausgegeben. Symantec hat hier eine (Englische) Webseite zum Thema freigeschaltet. Symantec hat die Zertifikatsausstellung beendet und dieses Gesch\u00e4ft an Digicert <a href=\"https:\/\/www.symantec.com\/connect\/blogs\/information-replacement-symantec-ssltls-certificates\" target=\"_blank\">verkauft<\/a>. Das TLS-Zertifikat einer Website l\u00e4sst sich \u00fcbrigens auf Seiten wie <a href=\"https:\/\/ssl-trust.com\/SSL-Zertifikate\/check\" target=\"_blank\">ssl-trust.com<\/a> im Browser pr\u00fcfen.<\/p>\n<p><strong>\u00c4hnliche Artikel:<br \/><\/strong><a href=\"https:\/\/borncity.com\/blog\/2016\/12\/28\/zertifikatfehler-bei-google-chromeslimjet-browser-fixen\/\">Zertifikatfehler bei Google Chrome\/Slimjet-Browser fixen<\/a><br \/><a href=\"https:\/\/borncity.com\/blog\/2017\/05\/29\/microsoft-live-comhotmail-login-probleme-im-firefox-ocsp-zertifikat\/\">Microsoft live.com\/Hotmail-Login-Probleme im Firefox (OCSP-Zertifikat)<\/a><br \/><a href=\"https:\/\/borncity.com\/blog\/2017\/04\/02\/ssl-zertifikate-verwirrung-bei-lets-encrypt-und-symantec\/\">SSL-Zertifikate-Verwirrung bei Let's Encrypt und Symantec<\/a><br \/><a href=\"https:\/\/borncity.com\/blog\/2016\/12\/21\/slimjet-browser-weitere-updates-fixen-zertifikateprobleme\/\">Slimjet-Browser: Weitere Updates fixen Zertifikateprobleme<\/a><br \/><a href=\"https:\/\/borncity.com\/blog\/2016\/12\/06\/chrome-bug-zeigt-https-als-unsicher-an\/\">Chrome-Bug zeigt https als unsicher an<\/a><br \/><a href=\"https:\/\/borncity.com\/blog\/2016\/11\/28\/google-unsicher-sha-1-kollateralschden-im-google-chrome\/\">Google unsicher? SHA-1-Kollateralsch\u00e4den im Google Chrome<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Betreiber von Webseiten, die diese, f\u00fcr die https-\u00dcbertragung (TLS) mit Zertifikaten abgesichert haben und immer noch auf Symantec setzen, sollten schnellstm\u00f6glich handeln.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1356,426],"tags":[984,4328,1468],"class_list":["post-203102","post","type-post","status-publish","format-standard","hentry","category-google-chrome-internet","category-sicherheit","tag-google-chrome","tag-sicherheit","tag-zertifikate"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/203102","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=203102"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/203102\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=203102"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=203102"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=203102"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}