20150130 - Firefox 36 and roots
At the end of February 2015 the version 36 of Firefox will be released with several modifications regarding included roots.
Deleted roots
Several roots will disappear:
- Thawte Premium Server CA
- VeriSign Class 3 Public PCA – G2
- Equifax Secure eBusiness CA-1
- GTE CyberTrust Global Root
New roots
And others will be added:
- COMODO RSA Certification Authority
- USERTrust RSA Certification Authority
- USERTrust ECC Certification Authority
- GlobalSign ECC Root CA - R4
- GlobalSign ECC Root CA - R5
You have a certificate chained to one of these roots?
From the end of February it won't be recognized be the browser anymore. It will be considered as dangerous and will trigger security alerts.
In that case, 2 solutions: either request a free reissuance or, if your certificate expires within the next three months, request its renewal. New certificates will be issued under a recognized root.
Please note: Impacted customers will receive an email within the next few days indicating the procedure to follow.