CA/Upcoming Distrust Actions

From MozillaWiki
< CA
Jump to: navigation, search


In line with a consensus proposal agreed by a number of browser vendors, Firefox is implemented a gradual distrust of all roots controlled by the CA "Symantec". The dates and associated scopes for this distrust are as follows:

  • May 2018 (Firefox 60, currently due for release 2018-05-09): All certificates issued by Symantec roots before 2016-06-01.
  • October 2018 (Firefox 63, currently due for release 2018-10-16): All certificates issued by Symantec roots.

You should make sure to migrate sites you control to newer or alternative certificates well before the dates given. Symantec has issued some guidance on what site owners should do as part of their blog.

This applies to all of the brands Symantec operated; Thawte, RapidSSL, GeoTrust, Verisign, and Symantec.

Certificates issued by the independently-operated Google and Apple sub-CAs are exempt, but unless you are Google or Apple you will not be using those.