Chrome TLS Update 2025: Chunghwa Telecom Certificates Will Be Distrusted
Here is the latest Chrome TLS Update 2025. Google has announced that as of August 2025, Chrome will no longer trust TLS server authentication certificates issued by Chunghwa Telecom’s Public Certification Authority, also known as HiPKI or Netlock. This decision has direct implications for website owners, developers, and cybersecurity professionals, and reflects Google’s continued effort to maintain the integrity of the public key infrastructure (PKI) ecosystem.
Why Google Is Distrusting HiPKI and Netlock
This action stems from repeated compliance failures by Chunghwa Telecom’s certificate authority operations. Specifically, Google cited:
- Poor incident response during security events
- Inadequate certificate lifecycle management
- Failure to meet industry-mandated CA standards
By continuing to trust non-compliant Certification Authorities, Google would risk weakening the reliability and security of Chrome’s root store. This measure enforces a clear message: compliance with baseline security expectations is mandatory, not optional.
What Will Happen in August 2025
Once this change takes effect, Chrome will flag certificates issued by Chunghwa Telecom as untrusted. This will impact:
- All desktop versions of Google Chrome
- Android Chrome users
- Any platform using Chrome’s root certificate store
Websites relying on these certificates will generate security warnings for users, leading to reduced trust, site abandonment, and possible service disruption.
What Site Operators Must Do Now To Adhere To The Chrome TLS Update 2025
ZENDATA recommends organisations act now to ensure continued browser trust and uninterrupted user access.
Key action steps:
- Audit your existing TLS certificates to identify any issued by Chunghwa Telecom (HiPKI/Netlock)
- Replace them with certificates from a trusted Certificate Authority recognised by Chrome (e.g., DigiCert, GlobalSign, Let’s Encrypt, or Sectigo)
- Test site access in staging environments using Chrome to identify any upcoming browser warnings
- Update certificate management procedures to align with industry best practices and ensure ongoing compliance
Why This Matters: Google’s Role in PKI Integrity
This policy reflects Google’s long-standing commitment to a secure internet. By distrusting Chunghwa Telecom certificates, Google is protecting users from the risk of invalid or mismanaged certificates—especially in scenarios where user trust is critical.
A secure web requires that all Certificate Authorities consistently adhere to global standards. ZENDATA supports this shift as it strengthens the trust fabric between users, browsers, and websites worldwide.
ZENDATA’s Analysis: A Necessary Security Enforcement
ZENDATA views this move as a decisive and necessary enforcement action. A failure to act would erode user confidence in browser-based security models. By revoking trust in Chunghwa Telecom’s certificates, Google is signalling to all CAs that accountability and transparency are essential.
This is not a punitive action—it is a protective measure aimed at preserving the long-term stability of the PKI ecosystem. Certification Authorities must view compliance not as a technical checklist but as a strategic obligation.
ZENDATA’s Final Thoughts
If your organisation still relies on Chunghwa Telecom-issued TLS certificates, do not wait until August 2025. Begin your migration strategy immediately to avoid user-facing errors and compliance risks.
ZENDATA offers full certificate lifecycle audits, authority migration planning, and best-practice enforcement to ensure your digital infrastructure remains trusted, secure, and fully aligned with industry changes.
This article is inspired by Bleeping Computer sources.
