Symantec SSL/TLS certificates distrust in Google Chrome and Mozilla Firefox

1 Likes
If you encounter this error when trying to access the Central Dashboard in Chrome or Firefox

- Chrome: NET::ERR_CERT_SYMANTEC_LEGACY.
- Firefox: MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONTRAINT_FAILED.

Here's the reason why:

The reason behind this error is the browser security policies, ending support for Symantec SSL Certificates. So, if you open a website running under the Symantec SSL Certificate, Chrome and Firefox will treat them as insecure.

Basically Google chrome and Mozilla Firefox no longer recognize Symantec SSL / TLS certificates issued before the 1st of June, 2016.

As such, if the site has a certificate from Symantec providers (Rapid SSL GeoTrust, VeriSign, Thawte, Equifax) and the certificate hasn’t been updated after the 1st of June, 2016 the error will appear.

In order to remove the error you could add your site to the trusted site list of each browser, or also replace the SSL certificate with one that is not signed by Symantec or any of it's providers listed above.

Sources:
Google: https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html
Mozilla: https://www.mozilla.org/en-US/firefox/60.0/releasenotes/

Labels:

Support Tip
Comment List
Anonymous
Related Discussions
Recommended