SSL certificate from cloudfront content


(Michael Friedrich) #1

Hi,

while browsing with dev tools in Chrome opened back here, I recognised a warning like this in the console:

The SSL certificate used to load resources from https://d11a6trkgmumsb.cloudfront.net will be distrusted in M70. Once distrusted, users will be prevented from loading these resources. See https://g.co/chrome/symantecpkicerts for more information.

By the end of 2018, this might break meta with Chrome 70. I do see that it is Amazon Cloudfront with a Wildcard certificate issued by Symtantec.

michi@mbmif ~/coding/icinga/icinga2 (master *=) $ openssl s_client -connect d11a6trkgmumsb.cloudfront.net:443
...
subject=/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=*.cloudfront.net
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4

So I am guessing that Amazon will take action soon enough, but who knows :slight_smile:

Kind regards,
Michael


(Matt Palmer) #2

Yep, I’m quite confident Amazon will have switched away from the soon-to-be-distrusted Symantec root by the end of the year, given that they’re a CA of their own now.


(Matt Palmer) #3