Firefox to distrust all TLS certificates issued by Symantec

By Chris Dawson August 3, 2018 - 5:55 pm

From October the 23rd 2018, the Firefox browser will distrust any TLS certificates issued by Symantec (or a parter company), regardless of when it was issued. Firefox 60 (the current release) already displays an “untrusted connection” error for any website using a TLS/SSL certificate issued before June 1, 2016 that chains up to a Symantec root certificate.

Symantec were a bit naughty and allowed a few companies to issue their certificates that didn’t comply with industry standard guidelines. To wipe the slate clean, browsers will simply stop trusting certificates issued by Symantec along with those from various brands such as Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL. Like Firefox, Google Chrome already distrust pre June 1, 2016 certificates and will distrust all Symantec certificates from the 16th October 2018.

In early March roughly 1% of websites were broken in Firefox 60 due to the change described above. Just before the release of Firefox 60 on May 9, 2018, less than 0.15% of websites were impacted – a major improvement in just a few months’ time. Still today, 3.5% of the top 1 million websites are using Symantec certificates that will be distrusted by October.

“We strongly encourage website operators to replace any remaining Symantec TLS certificates immediately to avoid impacting their users as these certificates become distrusted in Firefox Nightly and Beta over the next few months.”
– Firefox

When we last wrote about this issue, eBay and Amazon, the two biggest marketplaces in the UK both had security certificates issued by Symantec Corporation. Amazon upgraded to a DigiCert Inc certificate on the 28th of March with eBay also upgrading to a DigiCert Inc certificate on the 9th of July this year.

  • whitehat
    2 months ago still uses a legacy cert … doesn’t seem like an important endpoint lol

Tamebay Guide

Welcome to our Tamebay Guide. Companies listed in the directory represent the leading suppliers in the UK and Europe.
Amazon started as online book store and has grown to be the worlds
Whether you are buying new or used, plain or luxurious, commonplace

Recent Comments

4 mins ago
Emily: Maybe the new Ebay managed payments system is a blessing in disguise. Currently Ebay is...
39 mins ago
james: ebay will say or do anything today they feel will make them an extra quid,...
57 mins ago
Lucy: Mr Wenig quote from Tamebays 15 October article. “I don’t want to compete with Amazon;...
1 hour ago
Alex: Ebay also don’t allow sellers to trial the new payment system. Once you sign up...