CA/Symantec Issues

From MozillaWiki
< CA
Revision as of 22:06, 30 December 2021 by Kathleen Wilson (talk | contribs) (Kathleen Wilson moved page CA:Symantec Issues to CA/Symantec Issues: Moved from CA: to CA/)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Following the investigation documented below, a consensus proposal was reached among multiple browser makers for a graduated distrust of Symantec roots. The dates in that proposal and how they apply to Mozilla's Root Program and Firefox are as follows:

  • December 1st, 2017: Symantec to implement "Managed CA" proposal
  • January 2018 (Firefox 58): Notices in the Developer Console will warn about Symantec certificates issued before 2016-06-01, to encourage site owners to migrate their TLS certs.
  • May 2018 (Firefox 60): Websites will show an untrusted connection error if they have a TLS cert issued before 2016-06-01 that chains up to a Symantec root.
  • October 2018 (Firefox 63): Removal/distrust of Symantec roots, with caveats described below.

Note: Mozilla's planned release content and schedules are subject to change.


This page lists all confirmed issues involving the CA "Symantec". It may be further updated by Mozilla as more information becomes available. Please do not edit this page yourself; if you have proposed changes, email Wayne. Information here is correct to the best of Mozilla's knowledge and belief. Symantec has also confirmed the accuracy of the information, although errors transcribing their statements into this page remain Mozilla's.

The issues are in broadly chronological order by end date.