Affecting Symantec-issued certificates will soon be distrusted

Published: | Categories: Privacy & Security

Description

Mozilla, among multiple browser vendors, has decided to distrust all TLS server certificates issued by Symantec due to the poor CA practice found through an extensive investigation and discussion. The upcoming distrust actions in Firefox keep in line with Google Chrome and apply to all the Symantec brands including GeoTrust, RapidSSL, Thawte and Verisign.

  • Firefox 60 shipping on May 9, 2018 shows the Insecure Connection error page for sites using a Symantec certificate issued before June 2016
  • Firefox 63 shipping on October 16, 2018 removes all the Symantec root certificates, shows the Insecure Connection error page for sites using a Symantec certificate regardless of the issue date

Before these dates, webmasters using any Symantec-issued certificate have to replace it with a new one or obtain an alternative certificate from any other CA such as Let’s Encrypt. Firefox 58 and 59 will show a console warning for sites using a Symantec certificate to encourage the migration.

References