Apple will stop trusting Symantec certificates without CT logs tomorrow

Previously, Symantec was boycotted by the industry for issuing digital certificates for violations. Symantec has now sold its certificate business to new partners.

At this time, Google Chrome has begun to intercept digital certificates issued by the original Symantec, and websites that still use the old Symantec digital certificates should replace immediately.

At the same time, Apple will completely stop trusting the original Symantec certificate this fall, but some certificates that do not support transparency will not be trusted tomorrow.


The Digital Certificate Transparency Project is an encrypted digital certificate detection and security auditing system initiated by Google Inc. that is currently supported by the industry.

The system provides operational and monitoring logs after the digital certificate are issued so that it identify when there is a violation or improper signature by the digital certificate authority.

Most browsers and operating systems currently require certificates to provide transparency logs, and browsers and operating systems will refuse authentication if they are not available.

Apple requires that the original Symantec digital certificate issued after June 1, 2016, to December 1, 2017, must provide a certificate transparency CT log.

If such a certificate fails to provide a certificate transparency log, Apple will block it, that is, Apple’s operating system and browser no longer trust such certificates.

The exception is that if the digital certificate issued during this period supports the transparency log, the trust cycle will not continue until October 15, 2018.

Symantec has sold the certificate business to a new partner, and the current Symantec series of certificates can already be applied for a new digital certificate.

Therefore, webmasters and application developers only need to go to the original certificate authority to apply for a replacement certificate, and the new certificate can be trusted.

The application for the renewal certificate itself is also free, that is, the original Symantec root certificate is now replaced with the DigiCert root certificate, which can be trusted by all operating systems.