April 2018 has already come and gone, with the release of Chrome 66 introducing instant distrust of any Symantec certificate issued before June 1st 2016. This includes Symantec sub-brands such as Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL, and has seen many sites marked as “not secure”, with Symantec’s new owners DigiCert apparently struggling to keep pace with the demand for replacement trusted certificates.

The second and final key date in this somewhat sorry tale of corporate hubris is October 16th 2018, D-for-Distrust Day, when the release of Chrome 70 will see ALL Symantec branded and sub-branded certificates distrusted for good.

Many organisations globally are exposed to this, and the current pace of DigiCert’s replacement programme will leave the vast majority still exposed when D-Day comes.

With 20 weeks to go until then, Trustify have launched an industry-leading, fully-resourced Certificate Discovery & Replacement Service.

Now you don’t need to wait to be contacted by Symantec to avoid critical website outages when Google disavows them in October. Trustify stands ready and able to plug the resource gap.

All you need to do is register, upload a list of your domains, select a policy and automate all tasks.

Manned by Certificate Management experts, our service will track down the offending certificates from the distrusted Symantec family, then recommend (and price) the best fix across multiple Certificate Authorities.

We also guarantee you will save 25% vs your historical spend, and for early customers we even help you optimise your website security posture for the new Browser Security changes beginning in July.

Certificate Discovery & Replacement Service

To go until D-for-Distrust Day, Trustify have launched an industry-leading, fully resourced Certificate Discovery & Replacement Service.


Service Capabilities

Here are 6 key reasons why Trustify should be your Symantec Replacement Partner of choice

Automated Discovery & Inventory Management

Rogue, unknown and unmanaged certificates are an easy target for hackers. You need complete visibility into your infrastructure to control access to these certificates. CLOUD SSL enables on-demand discovery of certificates from servers, clients, and ADC devices and refreshes your inventory regularly with a midnight sync option.

Role-Based Access Control

Weak certificates and unregulated access can compromise the security of your application infrastructure. With CLOUD SSL, administer policies, such as recommended cryptographic techniques, CAs, and workflows, to eliminate rogue certificates. Delegate access and apply granular visibility to individual certificates or certificate groups to enable efficient provisioning.

Automated Certificate Enrolment

Each step in the certificate enrolment process introduces the possibility for costly human errors. With CLOUD SSL’s automation features, you can use a single console to order certificates from any supported CA or from your own internal CA, push issued certificates to multiple devices, renew existing certificates, revoke certificates and delete unused certificates all with ease and accuracy.

FIPS Compliance

Compliance builds trust. Trust builds a larger customer base. With CLOUD SSL, enforce policies and ensure encryption compliance with Federal Information Processing Standards (FIPS-140). The safety of your private keys is ensured using our AES-256 encrypted database or even better, a FIPS 140-2 certified HSM.

Holistic View of Certificates

Sifting through the thousands of certificates in your inventory can be cumbersome. With our holistic view, CLOUD SSL graphically represents important certificate information like the certificate’s chain of trust and its associated devices. You can also perform necessary life cycle management processes like issuing, renewing and revoking multiple certificates without having to leave the holistic view.

Certificate Expiry Alerting and Reporting

Unplanned system outages are both fiscally costly and damaging to a brand’s reputation. CLOUD SSL provides scheduled reports on non-compliant certificates, expired but unrevoked certificates, and soon to expire certificates to proactively address vulnerabilities. You can choose to receive these alerts/reports through emails or SNMP traps.