Confirm, administrator
5,526
edits
Changes
m
added link to info re about:config in FF
Note: In some instances, multiple subordinate CAs contain the same public key, necessitating whitelisting by subjectPublicKeyInfo. Refer to ([https://bugzilla.mozilla.org/show_bug.cgi?id=1409257 Bug 1409257]) for more information.
The [https://support.mozilla.org/en-US/kb/about-config-editor-firefox Firefox preference ] "security.pki.distrust_ca_policy" may be set to '1' to enable and '0' to override these changes.
In Firefox 63, Mozilla plans to remove the ‘before 1-June 2016’ rule and all Symantec TLS certificates will be distrusted except those issued by the whitelisted subordinate CAs listed above.
In a future Firefox release, we expect to remove the whitelist, and remove the ‘websites’ trust bit from all Symantec roots. The timing of these changes, and any changes to the ‘email’ trust bit (S/MIME) have not yet been determined.
