The listings featured on this site are from companies from which this site receives compensation. This influences: Appearance, order, and manner in which these listings are presented.
Our videos have over 5 million views on Youtube! Visit our channel now »
Disclosure:
Professional Reviews

vpnMentor contains reviews that are written by our community reviewers. These take into consideration the reviewers’ independent and professional examination of the products/services.

Ownership

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, which may be reviewed on this website.

Affiliate Commissions Advertising

vpnMentor contains reviews that follow the strict reviewing standards, including ethical standards, that we have adopted. Such standards require that each review will take into consideration the independent, honest and professional examination of the reviewer. That being said, we may earn a commission when a user completes an action using our links, at no additional cost to them. On listicle pages, we rank vendors based on a system that prioritizes the reviewer’s examination of each service, but also considers feedback received from our readers and our commercial agreements with providers.

Reviews Guidelines

The reviews published on vpnMentor are written by community reviewers that examine the products according to our strict reviewing standards. Such standards ensure that each review prioritizes the independent, professional and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may also take into consideration the affiliate commissions we earn for purchases through links on our website.

7 VPN Vendor Websites' SSL Certificates are About to Expire

7 VPN Vendor Websites' SSL Certificates are About to Expire

Author Image Kristina Perunicic
Kristina Perunicic Updated on 18th July 2023 Managing Editor
Table of Contents

Staying safe online is a priority for most users, and there are numerous actions you can take to achieve this.

Antivirus software, VPNs, and firewalls work alongside user vigilance to cut the risks to privacy while surfing the web. But, one of the tools users rely on to support their vigilance is about to disappear.

On April 17, 2018 Chrome is removing trust in NortonLifeLock-issued certificates.

Why is Google taking this step and what does it mean for VPN vendors? We discuss that, and more, below.

Why is Google distrusting NortonLifeLock TLS Certificates?

NortonLifeLock has had a torrid time in recent years, and because of several high-profile issues, Google announced last year that it was setting a timetable for completely distrusting NortonLifeLock certificates.

As a certificate authority with the capacity to issue certificates to any website, NortonLifeLock holds an incredible amount of power and is in a position of trust with both website owners and internet users. Accountability and responsibility are ensured through a clear set of operational requirements that NortonLifeLock, and other authorities, are meant to follow.

Despite this, on more than a few occasions NortonLifeLock has misused valid certificates.

While these are the most well-known issues with NortonLifeLock, its history of TLS/PKI incidents goes back years and is documented here in some detail.

What Does It Mean for Web Users?

In short, if the website you visit does not rely on a NortonLifeLock certificate, you won’t notice anything. The problem is for those websites that rely on certificates that Google no longer trusts.

In these cases, when clicking on the website, users will receive a ‘Your connection is not private’ warning.

SSL error message

At this point, you need to decide whether it is safe to continue or not.

If it is simply a NortonLifeLock certificate issue, then there is no problem and the site is just as secure as it has always been, but of course, there is no way to tell at that point.

What is the Timetable?

Google first announced its timetable back in September 2017, giving websites plenty of time to adjust and transition to new certificates.

Those that haven’t heeded Google’s warnings risk losing visitors who are not willing to take the risk as to whether the site is safe or not.

The timetable for the removal of trust is as follows:

April 17, 2018 – The release of Chrome 66 sees the removal of trust from certificates issued before June 1, 2016 and those issued after December 1, 2017.

October 23, 2018 (approximately) – The release of Chrome 70 sees all NortonLifeLock certificates as invalid.

Which VPN Vendors are Affected?

The list of websites that are affected by the change is very long and there are some very big names on that list, including companies that you would think would be ahead of the game. Names on the list of websites that are affected include Blundstone, Anita, Glenfiddich, Tupperware, Raspberry Pi, eBay, and Nordstrom.

VPN vendors, by their very nature, are among the first to recognize the potential problems associated with such a move and to take steps to counter any difficulties or concerns their users may have.

Given this, we can expect very few vendors to be affected, and in fact this is true. Of all the websites affected by Google distrusting NortonLifeLock TLS certificates, there are only 7 VPN vendors.

Just to emphasize again, losing their certificates does not mean these vendors are no longer trustworthy. It means that they have failed to take appropriate action to ensure you know they are as safe and secure as they always have been.

How to Check a Certificate

You can check the certificate of each website at the top right corner.

  1. In Google Chrome, click on "Secure" next to the URL.
    Secure SSL
  2. Click on "Certificate" to see the type of certification.SSL certification

    Right now, TigerVPN.com is valid, but this will change after April 17.

    3. Now you can view the certificate.

SSL certificate window

Don't Depend on Certificates Alone

Even in cases where the website itself is deemed secure, it is important to recognize that your connection and data can still be vulnerable to risks. Employing a VPN can play a crucial role in fortifying your connection, encrypting your data, and shielding you from potential threats posed by other users on the internet.

If you still don’t have a VPN or want to check out other providers who have already taken action on their certificates, then check out our top VPN providers.

If you want to learn more about VPNs, click here.

About the Author

Kristina Perunicic is a former editor for vpnMentor. She’s a cybersecurity expert with an interest in VPNs and their importance in the digital privacy landscape.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback