SSL2BUY Wiki
News, Information and Resources about SSL Certificates
Comodo
Sectigo
AlphaSSL
RapidSSL
GeoTrust
Thawte
GlobalSign
DigiCert
Symantec
Authorized Reseller

Understanding Entrust SSL/TLS Certificates Distrust Issue and Possible Solutions

Who is Entrust?

Entrusted by Fortune 100, Government and large enterprises – Entrust is a prominent player in Data Security and Encryption Solutions. With >12% market share in HSM, PKI and SSL/TLS Certificates business industry, Entrust is a very close competition to DigiCert CA.

What is Entrust Certificate Distrust Issue?

In June 2024, Google Chrome announced that they no longer trust TLS certificates issued by Entrust effective from October 31, 2024. This announcement created chaos in competitive business and panic for a large customer base. Google stated the reason behind this issue;

“Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust that fall short of the above expectations, and has eroded confidence in their competence, reliability, and integrity as a publicly-trusted CA Owner.”

History

Entrust is not the very first CA to face a distrust challenge. In 2017, Symantec, another well-known Certificate Authority, faced a similar Google Chrome distrust issue. This led to DigiCert acquiring the entire CA business from Symantec. They offered a very smooth transition to Symantec’s huge customer asset. DigiCert accomplished this milestone before the deadline and the entire transition process was well executed by industry experts.

Impact

This distrust issue affects SSL/TLS certificates issued by Entrust’s Root Certification Authority. However, all code signing and document signing solutions are still good. Customers utilizing Entrust SSL/TLS certificate and related services must seek an alternative solution from internationally trusted CAs like DigiCert, GlobalSign and GeoTrust – A DigiCert subsidiary.

Chaos

The CA distrust actions by browsers (especially Google Chrome) bring new opportunities for competition and global partners. Some speculate that Entrust will exit the Certificate Authority business – No, they won’t quit, they will rebrand or continue working under a different CA’s umbrella.

List of Entrust Products and Services Impacted by Chrome’s Distrust

Here’s a list of products and services that are subject to the recent distrust:

  • CN=Entrust Root Certification Authority – EC1,OU=See www.entrust.net/legal-terms+OU=(c) 2012 Entrust, Inc. – for authorized use only,O=Entrust, Inc.,C=US
  • CN=Entrust Root Certification Authority – G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust, Inc. – for authorized use only,O=Entrust, Inc.,C=US
  • CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net
  • CN=Entrust Root Certification Authority,OU=www.entrust.net/CPS is incorporated by reference+OU=(c) 2006 Entrust, Inc.,O=Entrust, Inc.,C=US
  • CN=Entrust Root Certification Authority – G4,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust, Inc. – for authorized use only,O=Entrust, Inc.,C=US
  • CN=AffirmTrust Commercial,O=AffirmTrust,C=US
  • CN=AffirmTrust Networking,O=AffirmTrust,C=US
  • CN=AffirmTrust Premium,O=AffirmTrust,C=US
  • CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US

How Entrust Reacts and Responds to This Major Event?

In response to the distrust issue, Entrust has decided to give up its role as a primary Root CA. Instead, it has partnered with SSL.com as its Parent CA. SSL.com is a global CA with full browser ubiquity, offering secure solutions for businesses and governments in over 180 countries. This strategic move aims to enhance compliance standards and restore trust in Entrust’s digital certificate offerings. By transitioning to SSL.com, Entrust seeks to provide its customers with a reliable alternative while ensuring their digital security needs are met without interruption.

Rating the Resolution Offered by Entrust

For years, Entrust operated as a ROOT CA and solely controlled their certificate issuance process and PKI business model. Now, working under someone else’s umbrella means you lost the crown and value of a subsidized CA. Entrust will no longer control customers’ business verification process, which will impact certificate delivery time. Given Entrust’s extensive experience and market presence, (who knows) they may acquire SSL.com in the future if they offer a smooth transition like DigiCert offered to Symantec customers.

Entrust Vs SSL.com certificates price comparison

Entrust Standard Plus OV SSL High Assurance SSL
$219.00
$69.00
Entrust Wildcard OV SSL Wildcard SSL Certificate
$799.00
$299.00
Entrust Multi-Domain EV SSL Enterprise EV SSL
$429.00
$299.00

*price reference date August 02, 2024
*all third-party product, company names and logos are trademarks™ or registered® trademarks and remain the property of their respective holders

Are You an Entrust Customer? Act Now to Protect Your Digital Assets

If you are an Entrust customer using PKI and SSL/TLS services, immediate action is required. Get in touch with Entrust support to enroll for new CA-labeled certificate procurement ASAP! Expect delays due to high demand, as Entrust manages a significant number of certificates. There is a greater delay with Organization Verifications. No Certificate Authority can issue an OV SSL/TLS certificate without verifying a business identity and this is a time-consuming process.

What Should You Do?

Firstly, reach out to your supplier – Entrust handles major business through solution partners and reseller channels. So, it’s important to discuss your options with them. You should ask them for the real and competitive value of SSL.com products. Earlier Entrust products were being sold at premium pricing. But considering the recent changes in brand positioning, Entrust’s turnaround solutions are not among the top choices anymore. Compare and ask yourself – Is it worth paying a premium price for SSL.com Root-enabled SSL/TLS certificates?

SSL2BUY Recommendation for Alternative Products

DigiCert

Yes, DigiCert tops our list because we worked closely with DigiCert during the Symantec-to-DigiCert transition. Only DigiCert can offer an expedited vetting process for large numbers of organizations. Along with SSL/TLS certificates, DigiCert offers solutions like PKI and DigiCert One – A complete automation solution for Certificate Management.

DigiCert is a step ahead in technology, trust level and brand values compared to Entrust.

With 15 years of direct channel business relationship, SSL2BUY has been associated with DigiCert since the VeriSign era. SSL2BUY is an authorized international distributor of DigiCert products and trust services.

Please contact our team at partners@ssl2buy.com for more information about DigiCert products, solutions, and pricing. Our established channel with DigiCert can help you negotiate a large deal and ensure a prioritized transition process.

GlobalSign

GlobalSign, a member of the GMO Group, is a renowned Certificate Authority providing digital trust services across the US, APAC, Southeast Asia, and the Middle East. Since 2011, SSL2BUY has been delivering GlobalSign Trust Certificates through both distributor and direct channels.

Their offerings include domain validation, business validation, wildcard, and EV SSL certificates, trusted by SMBs, large enterprises, and IoT innovators worldwide.

We guarantee the best pricing on GlobalSign products. Contact us today to learn more about how we can help you secure your digital assets with GlobalSign’s trusted solutions.

GeoTrust

GeoTrust is a subsidiary and economical solution from DigiCert. We recommend GeoTrust products for retail customers currently using Entrust certificates. If you are an Entrust customer looking to renew or purchase new certificates, GeoTrust is an excellent option that combines trusted security with cost-effectiveness.

GeoTrust is popular due to its reliability in securing digital communications and online transactions. Users can choose from several options for unparalleled security and peace of mind.

As a DigiCert brand, GeoTrust benefits from the parent company’s extensive experience and expertise in online security.  Don’t overpay for SSL certificates. Explore GeoTrust options today and protect your website on a budget.

Entrust SSL Certificates Alternatives & Competitors

Entrust Standard Plus OV SSL DigiCert Standard SSL Certificate GlobalSign OV SSL Certificate GeoTrust OV SSL Sectigo OV SSL
$219.00
$238.00
$175.00
$80.00
$60.00
Entrust Wildcard OV SSL DigiCert Wildcard SSL Certificates GlobalSign OV Wildcard SSL Certificate GeoTrust OV Wildcard SSL Certificate Sectigo OV Wildcard SSL Certificate
$799.00
$755.00
$600.00
$509.00
$400.00
Entrust Multi-Domain EV SSL DigiCert EV SSL/TLS Certificates GlobalSign EV SSL Certificate GeoTrust EV SSL Sectigo EV SSL
$429.00
$338.00
$429.00
$149.25
$91.00
Entrust Verified Mark Certificate DigiCert Verified Mark Certificates
$1299.00
$1199.00
Entrust PKI Services DigiCert ONE (extended PKI solution)
$9,011.00
Contact us

Impact of Entrust Distrust on Distributors and Channel Partners

Rest assured, Entrust will smoothly complete this transition process before the deadline. We’ve seen similar sandstorms in 2017 and experienced that CAs are capable of handling such events.

However, if your customers wish to switch from Entrust and demand alternate products or solutions – we can help. We can assist you in retaining your customers (legal contract and agreement) and offer competitive solutions.

SSL2BUY invites small channel distributors (no matter where you are on the earth) to join SSL2BUY Partner Program. Sell SSL/TLS certificates under your own brand and set your own pricing. We offer exclusive discount pricing and zero investment accounts for active or former Entrust Channel Partners, Distributors and Resellers.

Please contact partners@ssl2buy.com to know more about SSL2BUY reseller program. The program offers transparent policies with no hidden charges. It provides WHMCS modules for easy billing and SSL certificate management. Our team is dedicated to supporting you and ensuring a smooth transition for your customers.

Steps for a Smooth Transition from Entrust to SSL2BUY

How to Avoid Situations Like Google’s Distrust of Entrust?

Google’s decision to revoke confidence in Entrust’s public Certificate Authorities (CAs) has important repercussions for organizations that rely on Entrust certificates. Companies must plan for migration and ensure that Entrust-issued certificates are renewed and replaced with certificates from another publicly trustworthy CA. The ruling teaches firms significant insights on how to avoid similar situations.

Public CAs should only be used for entities that require public confidence, such as websites and applications. Internal systems and servers can benefit from private PKI, which verifies user and device authenticity while lowering external security threats. Private CAs offer a higher level of assurance and security.

To reduce possible interruptions, business entities should establish the capacity to easily add, switch, or move CAs, and consider using a multi-CA approach. The requirement to change all publicly trusted certificates pales compared to the coming move to quantum-safe algorithms. All CAs are prone to faults, resulting in certificate revocation by web browsers.

Organizations must be prepared to manage these revocations efficiently and replace old certificates with new ones while maintaining commercial activities. Mozilla’s suspicion of Entrust public CAs in May highlights the significance of preserving crypto-agility.

Businesses that use these concepts can improve their standing. Most crucially, it prevents CA trust concerns while ensuring the continuous security and accessibility of their digital assets.

In conclusion, while the transition from Entrust as a root CA presents challenges, it also offers opportunities to explore alternative providers like GeoTrust, DigiCert, and GlobalSign. SSL2BUY offer reliable, secure solutions to ensure continued trust and security for digital communications.

About the Author

Ann-Anica Christian

Ann-Anica Christian has honed her linguistic prowess over 6+ years as a Content Creator specializing in SaaS and Digital eCommerce. With a Master's in Electronics Science, she navigates the complexities of technology, translating intricate concepts into accessible and engaging content. She bridges the gap between transformative software solutions and the customer-centric world of online commerce, portraying a digital ecosystem where businesses thrive through technological evolution and customer satisfaction.