Starting with Google Chrome version 70, any sites with remaining Symantec certificates will be flagged as untrusted, including those issued after June 1, 2016.
The release schedule for Chrome 70 is below:
- July 20, 2018 (Canary)
- September 13, 2018 (Beta)
- October 16, 2018 (Stable)
Google decided to distrust SSL certificates issued by Symantec due to a pattern of questionable certificate issuance practices.
Symantec's PKI business operated under several brand names (Thawte, VeriSign, Equifax, GeoTrust, RapidSSL) which issued certificates without proper oversight or verification.
There had been several high-profile incidents where Symantec was called out for shady behavior so Google decided to drop the hammer and distrust their certificates in Chrome.
After Google announced announced its decision, Symantec realized their certificates would be pretty much worthless. So they decided to sell off their entire CA business to DigiCert and exit the market.
To avoid Chrome browser security warnings about your site not being trusted or secure, replace the Symantec certificate as soon as possible.
DigiCert is offering free replacement certificates for anyone affected by this.