Source URL: https://blog.cloudflare.com/how-cloudflare-is-helping-domain-owners-with-the-upcoming-entrust-ca
Source: The Cloudflare Blog
Title: How Cloudflare is helping domain owners with the upcoming Entrust CA distrust by Chrome and Mozilla
Feedly Summary: Chrome and Mozilla will stop trusting Entrust’s public TLS certificates issued after November 2024 due to concerns about Entrust’s compliance with security standards. In response, Entrust is partnering with SSL.com to continue providing trusted certificates. Cloudflare will support SSL.com as a CA, simplifying certificate management for customers using Entrust by automating issuance and renewals.
AI Summary and Description: Yes
Summary: The text discusses the decision by Chrome and Mozilla to distrust Entrust’s TLS certificates due to compliance failures, prompting Entrust to partner with SSL.com to maintain trust. Additionally, Cloudflare is facilitating this transition for its customers, enhancing certificate management while ensuring compliance and security.
Detailed Description:
The decision made by major browsers, Chrome and Mozilla, to distrust Entrust’s public TLS certificates has significant implications for the internet security landscape. This action stems from Entrust’s history of compliance failures, undermining their credibility as a Certificate Authority (CA). The text highlights the response strategy of Entrust, which involves a partnership with SSL.com, a trusted CA, to mitigate the impact on their customers.
Key points include:
– **Browser Trust:**
– Chrome and Mozilla stopped trusting Entrust’s certificates due to failure to meet CA/Browser Forum requirements and significant compliance concerns.
– Over six years, Entrust exhibited a pattern of delayed incident reporting and certificate revocation, prompting distrust from these browsers.
– **Partnership with SSL.com:**
– To avoid service disruption for customers, Entrust will issue certificates through SSL.com.
– SSL.com is recognized and trusted by major browsers, ensuring continuity for Entrust’s clients.
– **Cloudflare’s Role:**
– Cloudflare announced integration with SSL.com to offer automated certificate issuance and renewal for customers previously reliant on Entrust.
– This automation reduces the time-consuming tasks associated with manual certificate management, especially as certificate lifetimes shorten from one year to 90 days.
– **Importance of Compliance:**
– Publicly trusted CAs are bound by strict standards set by the CA/Browser Forum, which includes clear protocols for mis-issued certificates.
– Compliance failures can lead to significant risks, such as impersonation attacks and data breaches, emphasizing the need for continuous adherence to security standards.
– **Entrust’s Improvements:**
– Entrust is revamping its organizational structure and incident response processes to address the deficiencies that led to the distrust from browsers.
– **Certificate Management Transition:**
– Cloudflare is proactively reaching out to customers currently using Entrust to facilitate a smooth transition to the SSL.com certificate management pipeline.
– The recommendation includes utilizing Cloudflare’s managed services to enhance security and operational efficiency.
This situation underscores the critical relationship between certificate authorities, browser trust, and the ongoing need for compliance and security in an increasingly digital infrastructure. For security and compliance professionals, monitoring these developments is essential, as they highlight the importance of maintaining high standards of operational integrity within service providers.