We have begun to assess the impact of the upcoming change to Firefox 63. This change is scheduled for Firefox 63, with the following planned release dates: The next phase of the consensus plan is to distrust any TLS certificate that chains up to a Symantec root, regardless of when it was issued (note that there is a small exception for TLS certificates issued by a few intermediate certificates that are managed by certain companies, and this phase does not affect S/MIME certificates). Just before the release of Firefox 60 on May 9, 2018, less than 0.15% of websites were impacted – a major improvement in just a few months’ time. In early March when we last blogged on this topic, roughly 1% of websites were broken in Firefox 60 due to the change described above. As previously stated, DigiCert’s acquisition of Symantec’s Certification Authority has not changed these plans. This proposal was also adopted by the Google Chrome team, and more recently Apple announced their plan to distrust Symantec TLS certificates.
This is part of the consensus proposal for removing trust in Symantec TLS certificates that Mozilla adopted in 2017. Firefox 60 (the current release) displays an “ untrusted connection” error for any website using a TLS/SSL certificate issued before Jthat chains up to a Symantec root certificate.