Google To Distrust Symantec Certificates

Not open for further replies.

dutty handz

Jun 24, 2015
Isn't Chrome using the certificates store from Windows ? I know Mozilla uses its own certificate store, but I was lead to believe that Chrome was using Windows certificate store, as in our company we add certificates through GPO to the Windows Certificate store and those imported certificates are then used in Chrome.


Mar 24, 2017
I think Symantec is a garbage of duplicates, Keep Going Symantec. Still Certificate Authorities are silent.
"Symantec’s Untrustworthy Certificate Validation System"
You didn't have to say the "Certificate Validation System" part.

Their software is a Joke. The corporation I work for used all of their software and it all sucks and crashes all the time. They need to just give up or fire half the company and keep any GOOD programmers or just sell the whole company.

You are correct for adding certificate:

"Google Chrome

"Google Chrome attempts to use the root certificate store of the underlying operating system to determine whether an SSL certificate presented by a site is indeed trustworthy, with a few exceptions.
Root Certificate Programs

"In order for Chrome to be able to trust a root certificate, it must either be included by the underlying operating system or explicitly added by users. If you are a root CA, the following contacts should be used:
Microsoft Windows: Microsoft Root Certificate Program.
Apple OS X: Apple Root Certificate Program
Linux: There is no central root certificate program as part of Linux. When running on Linux, Google Chrome uses the Mozilla Network Security Services (NSS) library to perform certificate verification. When packaged or built from source, NSS includes certificates vetted according to the Mozilla Root Certificate Program. For most Linux users, it is sufficient that once included in the Mozilla Root Program, users of Google Chrome should see your root CA as trusted. However, please be aware that Linux distributions which package NSS may further alter this list with additions or removals based on local, distribution-specific root certificate programs, if any."

However there are also two processes for REVOKING trust on an issued certificate. One uses "Certificate Revocation Lists" which are not used by default except for EV certificate like the ones listed here. The other process is a batch update process where google collects all the revoked certificates and sends them as a batch update to chrome.


Mar 25, 2011
I work for a very large anti-virus company and I can tell you this: this little feud is causing havoc on a scale never before seen... Behind the scenes of course...

Anyways, it's quieted down a bit, hopefully it stays that way...
Not open for further replies.