[Mozilla Enterprise] Upcoming change: Enforced distrust of Symantec certificates.

mhoye mhoye at mozilla.com
Fri Aug 17 14:51:06 UTC 2018 

Hello, Enterprise managers and administrators -


I’m writing to remind you that, as announced in March, both Chrome and 
Firefox will shortly be shipping with an enforced distrust of all 
Symantec certificates.


The March announcement, including the rationale and supporting 
documentation, is here: 
https://blog.mozilla.org/security/2018/03/12/distrust-symantec-tls-certificates/


… and Mozilla is going to ship this change to all Firefox users in 
October as part of Firefox 63. Chrome is expected to ship an identical 
change shortly ahead of Firefox. After that date, any user visiting a 
site with a Symantec root certificate will see an error message warning 
them that your site is insecure.



The most recent announcement on the subject is here: 
https://blog.nightly.mozilla.org/2018/08/14/symantec-distrust-in-firefox-nightly-63/



The easiest way* to check whether or not a domain will be affected by 
this change is to consult the Mozilla Observatory:


https://observatory.mozilla.org/


There is a lot of useful information there, but if this specific problem 
affects you the Observatory will give you a warning in red at the top of 
the page, and encourage you to replace the certificate immediately.


We at Mozilla strongly encourage you to take that advice to heart.


Thank you,



- mhoye



* - if you're using Nightly, you have likely run into this problem in 
the last few days, but while we're grateful for the help and feedback we 
get from all of you who live and work in Nightly, we don't recommend 
running it solely to test this issue. Nightly is currently transitioning 
user profiles to a new backing data store, and switching back and forth 
between Release and Nightly on the same user profile will almost 
certainly result in unpredictable and undesirable behavior.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/enterprise/attachments/20180817/3f961c82/attachment.html>

More information about the Enterprise mailing list