Reflection on Entrust Being Untrusted by Google – Can Trusted CAs Still Be Trusted?
On June 27th, Google’s Chrome security team announced that Chrome would no longer trust several Entrust root certificates after October 31, 2024. This event has a significant impact on the industry and has sparked widespread attention and deep reflection in the field of cybersecurity.
Browser Companies’ Excessive Power May Undermine Trust in the Entire CA Industry
Entrust, once hailed as one of the oldest CAs, now faces the fate of being discarded by mainstream browsers. This shows that a trusted certificate can become untrusted at any time; in other words, it is only ever temporarily trusted. Its predicament has had a domino effect, leading to widespread skepticism within and outside the industry about the trustworthiness of CAs. The so-called trusted CA certificates are essentially fragile bubbles built on browser companies’ recognition, and they can burst at any time.
Browser vendors (Chrome, Firefox, etc.) are increasingly acting like “dictators” in the industry, making arbitrary decisions about CAs based on their market position. This “power game” not only diminishes the CA’s sense of self-worth but also casts a shadow on the fairness of the entire industry, leaving uncertainty about who will be the next to be “untrusted.”
Are Currently Trusted CAs Really Safe?
After Entrust was untrusted, many peers rushed to attract Entrust’s clients and offered migration solutions on their websites. It seems as if Entrust is on the menu and the major CAs are at the table, but in reality all CAs are on the menu; Google, Microsoft, Firefox, and the other browser and operating system companies are the ones actually at the table.
• In 2018, Symantec was untrusted (later rebranded through a merger with DigiCert to continue services)
• In 2017, the domestic CA WoTrus was untrusted (later continued services under a different name)
These cases illustrate that under the rules dictated by browser companies, there is no eternal trust, only temporary trust. For end users, while searching for a new temporarily trusted CA, it is crucial to consider how to build a more robust trust system. Relying solely on a single temporarily trusted CA is insufficient. Instead, it is important to have multiple CA options and to establish a flexible and efficient certificate management process that can respond quickly to potential changes and ensure service continuity.
SSL Certificate Automation and Management Tools: The Ultimate Solution for “Temporarily Trusted CAs”
With the frequent occurrences of CAs being untrusted, having multi-CA SSL certificate automation and management tools has become crucial for businesses.
A multi-CA SSL automation and management system can help enterprises complete one-click replacements when encountering untrusted CA certificates.
Besides one-click certificate brand replacement, it also needs to address the challenge of large-scale SSL certificate deployment. This includes automatic certificate application, download, renewal, reissue, revocation, and brand change. Additionally, the automation system should support automatic discovery, renewal, deployment, real-time monitoring, log management, multiple public CA interfaces, early warning, and compliance checking.
Nine Essential Functions of SSL Certificate Automation
1. Various certificate operations (application, download, renewal, reissue, revocation, and brand change).
2. Automated discovery and deployment of all certificates, avoiding manual uploads by administrators.
3. Automatic renewal before certificate expiration.
4. Automatic deployment of certificates to designated locations (supports multiple platforms).
5. Real-time monitoring of certificate status, expiration, and deployment.
6. Log management ensures transparency and traceability in certificate management.
7. Multiple public CA interfaces guarantee backup options if the current CA encounters problems.
8. Early warnings for certificates approaching expiration.
9. Compliance checking through built-in rules to issue alerts for non-compliance.
These nine foundational functions of certificate automation management minimize the complexity of certificate management, adapt to industry changes, and achieve true automated operation!
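As an added illustration (not code from the original article or from any CLM product), the following Go sketch shows how functions 3, 7, 8 and 9 above fit together in one check: a distrust table with an effective date, a fallback to the next trusted CA from a priority list, and an expiry countdown for early warning. The issuer names, the cutoff date and the sample certificates are constructed for the example.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"time"
)

// distrustCutoff maps an issuer organisation to the date from which its
// certificates count as untrusted. Constructed example table, not any browser's list.
var distrustCutoff = map[string]time.Time{
	"Legacy Example CA": time.Date(2024, 10, 31, 0, 0, 0, 0, time.UTC),
}

// Assess applies the rules from the text to one deployed certificate: if the issuer
// is distrusted at time now, reissue from the first still-trusted CA in caPriority;
// otherwise renew when within warnDays of expiry; otherwise "ok". daysLeft is
// returned in every case so the monitoring view can show the countdown.
func Assess(c *x509.Certificate, now time.Time, warnDays int, caPriority []string) (action string, daysLeft int) {
	daysLeft = int(c.NotAfter.Sub(now).Hours() / 24)
	var issuer string
	if len(c.Issuer.Organization) > 0 {
		issuer = c.Issuer.Organization[0]
	}
	if cutoff, bad := distrustCutoff[issuer]; bad && !now.Before(cutoff) {
		for _, ca := range caPriority {
			if _, alsoBad := distrustCutoff[ca]; !alsoBad {
				return "reissue-from:" + ca, daysLeft
			}
		}
		return "no-trusted-ca-available", daysLeft
	}
	if daysLeft <= warnDays {
		return "renew", daysLeft
	}
	return "ok", daysLeft
}

// sample builds a constructed certificate record; in a real scan c would come from
// x509.ParseCertificate on the PEM found at each deployment location.
func sample(issuerOrg string, notAfter time.Time) *x509.Certificate {
	return &x509.Certificate{Issuer: pkix.Name{Organization: []string{issuerOrg}}, NotAfter: notAfter}
}

func main() {
	now := time.Date(2024, 11, 15, 0, 0, 0, 0, time.UTC)
	cas := []string{"Legacy Example CA", "Backup Example CA"}
	fmt.Println(Assess(sample("Legacy Example CA", now.AddDate(0, 6, 0)), now, 30, cas))
	fmt.Println(Assess(sample("Backup Example CA", now.AddDate(0, 0, 20)), now, 30, cas))
}
```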
Transition from Trusting CAs to Trusting CLM Tools
Considering that currently trusted CAs can become unreliable at any time and that certificate lifecycles are becoming shorter, opting for a CLM (Certificate Lifecycle Management) tool that interfaces with multiple CAs is undoubtedly a wise choice. Relying solely on temporarily trusted CAs for single-point management can no longer meet the needs of an increasingly complex network environment and business. A multi-CA CLM automation management system is the choice for all enterprises. Companies will gradually shift from trusting a single CA’s SSL certificates to trusting CLM tools that can operate securely and stably over the long term, ensuring that enterprises always receive trustworthy CA services.