CA/Upcoming Distrust Actions: Difference between revisions
< CA
Jump to navigation
Jump to search
(→Symantec: Updated 60 release date) |
(Updated to match current plan) |
||
| Line 1: | Line 1: | ||
==Symantec== | ==Symantec== | ||
In line with a [https://groups.google.com/a/chromium.org/d/msg/blink-dev/eUAKwjihhBs/El1mH8S6AwAJ consensus proposal] agreed by a number of browser vendors, Firefox is | In line with a [https://groups.google.com/a/chromium.org/d/msg/blink-dev/eUAKwjihhBs/El1mH8S6AwAJ consensus proposal] agreed by a number of browser vendors, Firefox is implementing a gradual distrust of all roots controlled by the CA "Symantec". The dates and associated scopes for this distrust are as follows: | ||
* May 2018 | * May 2018 - Firefox 60 ([[RapidRelease/Calendar|released]] 2018-05-09): All SSL certificates issued by Symantec roots before 2016-06-01. | ||
* October 2018 ( | * June 2018 - Firefox 63 [https://www.mozilla.org/en-US/firefox/channel/desktop/ Nightly]: All SSL certificates issued by Symantec roots. | ||
* September 2018 - Firefox 64 [https://www.mozilla.org/en-US/firefox/channel/desktop/ Nightly]: All SSL certificates issued by Symantec roots. | |||
* October 2018 - Firefox 64 [https://www.mozilla.org/en-US/firefox/channel/desktop/ Beta]: All SSL certificates issued by Symantec roots. | |||
* December 2018 - Firefox 64 Release ([[RapidRelease/Calendar|due for release]] 2018-12-11): All SSL certificates issued by Symantec roots. | |||
You should make sure to migrate sites you control to newer or alternative certificates well before the dates given. Symantec has issued [https://www.symantec.com/connect/blogs/information-replacement-symantec-ssltls-certificates some guidance on what site owners should do as part of their blog]. | You should make sure to migrate sites you control to newer or alternative certificates well before the dates given. Symantec has issued [https://www.symantec.com/connect/blogs/information-replacement-symantec-ssltls-certificates some guidance on what site owners should do as part of their blog]. | ||
Revision as of 21:48, 17 October 2018
Symantec
In line with a consensus proposal agreed by a number of browser vendors, Firefox is implementing a gradual distrust of all roots controlled by the CA "Symantec". The dates and associated scopes for this distrust are as follows:
- May 2018 - Firefox 60 (released 2018-05-09): All SSL certificates issued by Symantec roots before 2016-06-01.
- June 2018 - Firefox 63 Nightly: All SSL certificates issued by Symantec roots.
- September 2018 - Firefox 64 Nightly: All SSL certificates issued by Symantec roots.
- October 2018 - Firefox 64 Beta: All SSL certificates issued by Symantec roots.
- December 2018 - Firefox 64 Release (due for release 2018-12-11): All SSL certificates issued by Symantec roots.
You should make sure to migrate sites you control to newer or alternative certificates well before the dates given. Symantec has issued some guidance on what site owners should do as part of their blog.
This applies to all of the brands Symantec operated; Thawte, RapidSSL, GeoTrust, Verisign, and Symantec.
Certificates issued by the independently-operated Google and Apple sub-CAs are exempt, but unless you are Google or Apple you will not be using those.