CA/Additional Trust Changes

2,639 bytes added, 18:08, 23 February 2018
Symantec: added more specifics of the plan
==Symantec==
In accordance [https://groups.google.com/d/topic/mozilla.dev.security.policy/FLHRT79e3XE/discussion with the distrust plan of 2017], Symantec certificates issued before 1-June 2016 are distrusted starting in Firefox 60 unless they are issued by whitelisted subordinate CAs that have the following SHA-256 Subject Public Key hashes (subjectPublicKeyInfo):
The whitelisted keys are grouped by organization: Apple, Google and DigiCert.

Note: In some instances, multiple subordinate CAs contain the same public key, necessitating whitelisting by subjectPublicKeyInfo. Refer to [https://bugzilla.mozilla.org/show_bug.cgi?id=1409257 Bug 1409257] for more information.

In Firefox 63, the ‘before 1-June 2016’ rule will be removed and all Symantec TLS certificates will be distrusted except those issued by the whitelisted subordinate CAs listed above.

In a future Firefox release, we expect to remove the whitelist, and remove the ‘websites’ trust bit from all Symantec roots. The timing of these changes, and any changes to the ‘email’ trust bit (S/MIME) have not yet been determined.
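
The matching rule described above, as an added example (not Mozilla's or Firefox's code): it hashes the complete subjectPublicKeyInfo element of a DER certificate and applies the Firefox 60 and Firefox 63 rules to a chain that is assumed to already end in a Symantec root. All function names, the <code>toy_cert</code> builder and the whitelist value are constructed for illustration.

```python
import hashlib
from datetime import datetime, timezone

CUTOFF = datetime(2016, 6, 1, tzinfo=timezone.utc)   # "before 1-June 2016"

def read_tlv(buf, pos):
    """Return (tag, content_start, end) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_sha256(cert_der):
    """Hex SHA-256 of the whole subjectPublicKeyInfo element (header included)."""
    _, pos, _ = read_tlv(cert_der, 0)      # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, pos)    # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                        # optional [0] version
        pos = end
    for _ in range(5):                     # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)    # subjectPublicKeyInfo
    return hashlib.sha256(cert_der[pos:end]).hexdigest()

def is_distrusted(leaf_not_before, issuer_certs, whitelist, firefox_version):
    """Hypothetical model of the rule; the chain is assumed to end in a Symantec root."""
    if any(spki_sha256(c) in whitelist for c in issuer_certs):
        return False                       # issued under a whitelisted subordinate CA key
    if firefox_version >= 63:
        return True                        # date condition removed
    return firefox_version >= 60 and leaf_not_before < CUTOFF

# --- constructed sample data: unsigned DER skeletons, not real certificates ---
def tlv(tag, content):
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def toy_cert(subject, key):
    spki = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + key))
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 3
           + tlv(0x30, tlv(0x0C, subject)) + spki)
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))

KEY = b"K" * 140                           # long enough to need long-form DER lengths
CA_A, CA_B = toy_cert(b"Sub CA A", KEY), toy_cert(b"Sub CA B", KEY)
OTHER_CA = toy_cert(b"Other CA", b"X" * 140)
WHITELIST = {spki_sha256(CA_A)}            # one entry covers every CA that reuses the key
```

Because the hash covers only the key structure, <code>CA_A</code> and <code>CA_B</code> match the same whitelist entry even though their subjects differ, which is the situation the note above describes.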