Affecting Symantec, GeoTrust, RapidSSL, Thawte, Verisign certificates will all be distrusted in October 2018

Published: | Categories: Privacy & Security

Description

As the last step in the ongoing multi-vendor distrust actions against Symantec due to the various CA practice issues, Firefox 63 shipping October 16 as well as Google Chrome 70 shipping October 23 will remove the trust in all the existing TLS server certificates issued by Symantec, including ones issued under the GeoTrust, RapidSSL, Thawte and Verisign brands.

Firefox 58 and later have shown a console warning for the affected certificates, and Firefox 60 has already distrusted ones issued before June 2016. Firefox 63 and later will show the Insecure Connection error page for sites using a Symantec-issued certificate regardless of the issue date.

To avoid the unwanted error page, webmasters using any of these certificates have to replace it with a new one or obtain an alternative certificate from other CA as soon as possible. We recommend Let’s Encrypt that offers trusted certificates for free.

References