How to Test HTTPS Using Chrome Canary
As you know, Google Chrome version 70 will distrust the final batch (P2) of Symantec Trusted Roots for GeoTrust and Symantec Certificates purchased between June 1, 2016 and December 1, 2017. The public release of Chrome 70 (stable) is scheduled for October 16, 2018 and many of our customers have asked how they can test their sites now so they are certain the reissued certificates are installed correctly and Chrome 70 will not affect their sites when it is released to the public.
Chrome Canary is the pre-release (beta) version of the Chrome Browser that developers use to test various components that are used with the browser. Chrome Canary is now available to download and use. You can test your sites using this pre-release version to make sure that your certificates are installed correctly.
Don’t be scared by the ‘developer’ label—using Chrome Canary is as easy as using the consumer ‘stable’ version. It installs as a separate program and does not affect your stable version of Chrome.
Also note that if any of your website’s visitors are using Canary, they may already be seeing your site distrusted if you have not reissued your certificate to use the Digicert Trusted Root. Canary is only used by a fraction of Chrome users, so that won’t have a large impact, but it should be kept in mind that getting prepared early allows you to give the best user experience to 100% of your audience.
The banner at the top of the page in your SSL Manager lists any certificates that have not been reissued to use the Digicert Trusted Root. Any certificates referenced in the banner must be reissued and installed to replace the existing certificates prior to the release of Chrome 70 on October 16, 2018. Failure to reissue and replace your certificate will result in site visitors being blocked from your site using Chrome 70.
You can also use our SSL Installation Checker to check that the reissued certificate is installed correctly. You will want to check the Certificate Chain at the bottom on the Checker to make sure the Trusted Root is from Digicert.