Security Market Segment LS
Tuesday, 18 September 2018 11:54

Chrome, Firefox will not trust Symantec SSL certs from next release Featured


In what is sure to cause concern at the the top levels of one of the leading security software vendors, upcoming releases of the two more popular Web browsers, Chrome and Firefox, will no longer trust Symantec SSL certificates.

A browser will check the validity of a SSL certificate in order to confirm the validity of the website being loaded. This is done by validating a chain of trust. Certificate Authorities will guarantee the certificates they issue, along with the bona fides of any secondary issuing authority that is operating under their umbrella. A very rigorous process is needed to validate any entity that wishes to obtain a certificate.

In 2016, users became aware that Symantec (and their supported issuers) was issuing certificates in contravention of the established guidelines and posted their finding to a Mozilla security mailing list. After considerable discussion among the other CAs, a decision was made to distrust Symantec and to remove it as a CA.

The final announcement to distrust Symantec certificates was made in late 2017 and all Symantec certificate holders were given a year to replace their SSL certificates with one from an issuer who was trusted. The "distrust" also applies to certificates from Thawte, Geotrust and RapidSSL, all of which used Symantec as a central authority.

Mozilla Firefox and Chrome will start rejecting any affected certificates from their next releases in October. Apple's Safari browser has already started a partial distrust and will finalise this process later in 2018.

Digicert has acquired the Symantec CA and has been re-issuing certificates without charge. Anyone who has already begun this process, need to take no further action as the replacement certificate will be trusted by all browsers.

According to Mozilla, about 3.5% of the top one million websites are still secured with certificates that will no longer be trusted, despite extensive warnings. If anyone has access to Firefox Nightly or Chrome Canary, the standard "Invalid Certificate" warning will most likely be seen, rather than the actual website.

iTWire has been unable to find an official statement from Microsoft about its position on this issue and whether IE and Edge will continue to support Symantec certificates after their distruxt by Firefox and Chrome.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.



Recent Comments