Mozilla has vowed to distrust all Symantec certificates starting from this October.
The browser vendor said 35% of the top 1 million sites will be affected when it stops trusting all Symantec-issued TLS certificates in Firefox 63, which is set to be released on Oct. 23.
The same can be expected with Chrome 70, which is scheduled for release a week earlier on Oct. 16.
However, it looks like Mozilla’s commitment to distrusting all Symantec-issued certificates won’t cause trouble for many websites, since many of them have already replaced their TLS certificates.
What Is The Problem With Symantec?
Mozilla noted that the number of websites using Symantec certificates has dropped dramatically by 20%.
“We strongly encourage website operators to replace any remaining Symantec TLS certificates immediately to avoid impacting their users as these certificates become distrusted in Firefox Nightly and Beta over the next few months,” said a Mozilla spokesperson.
Google was the first to stop trusting Symantec certificates, in Chrome 66 back in April.
The reason for the distrust stemmed from an issue reported back in 2017 when security researcher Hanno Böck managed to get thousands of genuine certificates revoked by Symantec.
To find out more about that issue you can read this blog post here.
This was then picked up by various online companies, specifically Mozilla and Google.
Böck then wrote about the situation further:
“Symantec did a major blunder by revoking a certificate based on completely forged evidence…There’s hardly any excuse for this and it indicates that they operate a certificate authority without a proper understanding of the cryptographic background.” Hanno Böck, Security Researcher
As a result, both Mozilla and Google are taking action to distrust Symantec certificates.
Whilst most websites have since moved to other certificate providers, one big website that still remains is PayPal.
Twitter user Liam O pointed this out as shown below:
On October 16, 2018 (in 10 weeks), Chrome 70 is going to drop, and Symantec certificates (including GeoTrust) issued prior to June 1, 2016 will no longer be trusted. I would have thought that most big companies would have already actioned this, but… nope lol pic.twitter.com/T4qM1pbPxl
— Liam O (@liamosaur) August 1, 2018
Whilst PayPal still have 10 weeks to get this sorted, we know internal changes like this can take time to action at any big company. Fingers crossed PayPal are aware of it before it becomes a huge issue for users and eCommerce sellers.
What’s your take on Mozilla’s and Google’s decision? Let us know in the comments below or over on our Facebook Group.