Compliance Management, Vulnerability Management

Symantec terminates employees for unauthorized HTTPS certificates

Symantec terminated employees involved in issuing unauthorized HTTP certificates for Google webpages.

The certificates "did not leave Symantec's secure testing labs, and did not affect the security or privacy of any user or organization," the company said, stressing it takes procedural breaches "extremely seriously."

The company is "putting even stronger safeguards in place to prevent an issue like this from occurring again," according to a statement emailed to

Symantec Vice President of Engineering Quentin Liu wrote in a blog post that the "test certificates and keys were always within our control and were immediately revoked" once discovered.

And Google security blog noted that Chrome's revocation metadata had been updated to include the public key of the mis-issued certificate for the domains and

Separately, Symantec named appointed Dan Rogers, formerly a vice president at, as chief marketing officer.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.