Affecting Symantec, GeoTrust, RapidSSL, Thawte, Verisign certificates will all be distrusted in October 2018

Published: | Categories: Privacy & Security


As the last step in the ongoing multi-vendor distrust actions against Symantec due to the various CA practice issues, Firefox 63 shipping October 23 will remove the trust in all the existing TLS server certificates issued by Symantec, including ones issued under the GeoTrust, RapidSSL, Thawte and Verisign brands. The same change will be made to Google Chrome 70 shipping October 16.

Firefox 58 and later have shown a console warning for the affected certificates, and Firefox 60 has already distrusted ones issued before June 2016. Firefox 63 and later will show the Insecure Connection error page for sites using a Symantec-issued certificate regardless of the issue date.

To avoid the unwanted error page, webmasters using any of these certificates have to replace it with a new one or obtain an alternative certificate from other CA as soon as possible. We recommend Let’s Encrypt that offers trusted certificates for free.

Update: The change has been made to Firefox Nightly on August 14, and affected sites are being tracked in Bug 1484006. Firefox Beta and Developer Edition will be updated with the change on September 25.