We're receiving some contradictory information from our certificate vendors, one of which is offering us a coupon to replace our existing Geotrust True BusinessID Wildcard certificate due to Google Chrome's plans to distrust Symantec certificates.
This covers Geotrust, Thawte, RapidSSL and Symantec certificates, in other words, the majority of Certificate Authorities listed under FileMaker Server's tested/supported certificates.
As far as I can establish, we are being offered a free replacement of a Comodo PremiumSSL + Wildcard. However, the only 2 Comodo certificates listed as supported by FM Server are the Elite SSL Certificate and EV SSL, so will this work and do we step outside FileMaker support?
We also use RapidSSL certificates on our Citrix servers and the True BusinessID wildcard certificate on our RemoteApp servers, so this is starting to look like a minefield to us, particularly as these certificates cost us quite a bit of money each year.
I can't give this the attention it deserves right now, as skiing in the French Alps is of far more importance this week, but this provides an explation: Google Online Security Blog: Chrome’s Plan to Distrust Symantec Certificates and then the FAQs page at:
(sorry if the above splits) appears to indicate that we may be able to reissue Symantec certificates from December 2017 onwards that will be supported.
We haven't got our heads around how we would do that, as to my knowledge, we have no Symantec Trust Centre account, due to us buying from another vendor, hence an urgent post ski job for us. However, upon checking, we renewed our wildcard and one RapidSSL certificate towards the end of December, so maybe we're OK on some servers?
At the moment it would appear that we may be approaching a problem with Chrome accessing WebDirect and FM Server admin console pages and, in our case, possible Chrome to Citrix launch pages. From the first link above, the 2018 dates this could start causing problems are March 15th, April 17th, September 13th and October 23rd.
The above is about as much as I can glean for now, but this is a perfect example as to why we only purchase certificates for 1 year at a time.