SSL certificates

If you’re a Google Chrome user, you may have come across a warning while browsing the web that a site you’re viewing doesn’t have a valid SSL (Secure Sockets Layer) certificate. Although a fair number of people might not know what that means, we can all recognize that any warning about the security of a website is something to be taken seriously. While these types of warnings from Chrome (or other Internet browsers) usually come when people are viewing illegitimate or suspicious websites, some people might have recently seen them pop up for legitimate sites as well. The reason for this likely stems from an ongoing battle between Google and software company Symantec, which came to a head in late March when Google accused Symantec of misissuing tens of thousands of certificates for encrypted websites. To learn more about what all of this means and how it might affect you, the average consumer, we decided to dig into what Google is doing and why.

Why is Google downgrading certificates from Symantec?

We’ve talked about SSL before and how it protects the connection between a server (the website) and a web browser (the person using or making purchases on that website). SSL is used to encrypt sensitive information, such as credit card details, and it also assures consumers that the websites they are visiting and using are legitimate. These security certificates are issued by entities known as certification authorities (CAs), and Symantec is one of the Internet’s biggest, issuing SSL certificates for approximately 30% of the web. A CA’s job is to verify that the website receiving an SSL certificate is what it claims to be. According to Google, Symantec has been neglecting its duties when it comes to validating these certificates, resulting in approximately 30,000 improperly issued SSL certificates across the web. On March 23, Google made public its intentions to downgrade certificates issued by Symantec, requiring website owners to replace their existing SSL certificates with new ones within a specific time frame or risk visitors using Chrome being unable to access their sites without warnings of potential danger.

For its part, Symantec has defended itself, claiming that Google has exaggerated the gravity of the issue. According to Symantec, only 127 certificates were misissued by Symantec itself; the rest of the 30,000 SSL certificates were the work of four of its other CA partners. However, Google has indicated that Symantec was aware of issues with at least one of its partners and didn’t sever ties with that partner regardless. As a result, Google has taken actions including downgrading the level of trust its browser has in Symantec-issued certificates and reducing the length of time the browser will trust those certificates.

What does this have to do with the average Internet user?

The good news is that this shouldn’t impact most people, outside of businesses that use Symantec for their websites’ SSL certificates. Google is staggering the time limits for replacement of old certificates to prevent disruption for users or businesses, and Symantec has said it will replace old certificates at no cost. Since Symantec has severed its ties with the firms at the core of the problem, any SSL certificates it issues going forward will be trusted by Chrome. Additionally, since this is specifically a Google issue, Internet users who prefer other browsers — such as Mozilla Firefox, Safari or Internet Explorer — won’t have to worry about any of this.

That said, this is still a good reminder to all Internet users that it’s important to pay attention to any security warnings you receive when you visit a website. Although you can almost always trust the HTTPS you see in your browser URL, any additional warning from your browser indicates that there may be a problem with the connection, so you should proceed with caution. In addition to checking for HTTPS whenever you use a website to which you plan on providing personal data, it’s wise to keep your browser, apps and other software up to date. This will ensure that you receive any important patches or updates that might be necessary to fix newly discovered security problems.
