CA/Upcoming Distrust Actions

From MozillaWiki
< CA
Jump to: navigation, search

Symantec

In line with a consensus proposal agreed by a number of browser vendors, Firefox is implementing a gradual distrust of all roots controlled by the CA "Symantec". The dates and associated scopes for this distrust are as follows:

  • May 2018 - Firefox 60 (released 2018-05-09): All SSL certificates issued by Symantec roots before 2016-06-01.
  • June 2018 - Firefox 63 Nightly: All SSL certificates issued by Symantec roots.
  • September 2018 - Firefox 64 Nightly: All SSL certificates issued by Symantec roots.
  • October 2018 - Firefox 64 Beta: All SSL certificates issued by Symantec roots.
  • December 2018 - Firefox 64 Release (released 2018-12-11): All SSL certificates issued by Symantec roots.

You should make sure to migrate sites you control to newer or alternative certificates well before the dates given. Symantec has issued some guidance on what site owners should do as part of their blog.

This applies to all of the brands Symantec operated; Thawte, RapidSSL, GeoTrust, Verisign, and Symantec.

Certificates issued by the independently-operated Google and Apple sub-CAs are exempt, but unless you are Google or Apple you will not be using those.