Firefox to distrust all TLS certificates issued by Symantec

By Chris Dawson August 3, 2018 - 5:55 pm

From October the 23rd 2018, the Firefox browser will distrust any TLS certificates issued by Symantec (or a parter company), regardless of when it was issued. Firefox 60 (the current release) already displays an “untrusted connection” error for any website using a TLS/SSL certificate issued before June 1, 2016 that chains up to a Symantec root certificate.

Symantec were a bit naughty and allowed a few companies to issue their certificates that didn’t comply with industry standard guidelines. To wipe the slate clean, browsers will simply stop trusting certificates issued by Symantec along with those from various brands such as Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL. Like Firefox, Google Chrome already distrust pre June 1, 2016 certificates and will distrust all Symantec certificates from the 16th October 2018.

In early March roughly 1% of websites were broken in Firefox 60 due to the change described above. Just before the release of Firefox 60 on May 9, 2018, less than 0.15% of websites were impacted – a major improvement in just a few months’ time. Still today, 3.5% of the top 1 million websites are using Symantec certificates that will be distrusted by October.

“We strongly encourage website operators to replace any remaining Symantec TLS certificates immediately to avoid impacting their users as these certificates become distrusted in Firefox Nightly and Beta over the next few months.”
– Firefox

When we last wrote about this issue, eBay and Amazon, the two biggest marketplaces in the UK both had security certificates issued by Symantec Corporation. Amazon upgraded to a DigiCert Inc certificate on the 28th of March with eBay also upgrading to a DigiCert Inc certificate on the 9th of July this year.

  • whitehat
    7 months ago still uses a legacy cert … doesn’t seem like an important endpoint lol

Featured in this article from the Tamebay Guide – companies that can help you grow and manage your business.

See More Companies >

Recent Comments

7 hours ago
Gav: Yeah, I can't believe Amazon think getting rid of expedited shipping is a good idea....
8 hours ago
Simon E: I was happy with using spreadsheets but I looked into the good old MTD, just...
8 hours ago
Gav: Thanks for clarifying Chris If you need it quick, you've already paid for prime and Amazon...
9 hours ago
Chris Dawson: Honestly haven't a clue Gav - having clicked the Prime button to ensure delivery I...