Removal of TLS trust bit from Roots R1 and R3 by Mozilla

Feb 19, 2024

Removal of TLS trust bit from Roots R1 and R3 by Mozilla

Mozilla Announcement

Mozilla has announced their plans to start removing the TLS and Secure Mail trust bits from all of the older Roots in their root program. Mozilla will be removing website and S/MIME trust bits from Roots according to the following schedule:

Key Material Created	Removal of Websites Trust Bit	Removal of S/MIME Trust Bit
Before 2006	April 15, 2025	April 15, 2028
2006-2007	April 15, 2026	April 15, 2029
2008-2009	April 15, 2027	April 15, 2029
2010-2011	April 15, 2028	April 15, 2031
2012- April 14, 2014	April 15, 2029	April 15, 2032
April 15, 2014 - present	15 years from creation	18 years from creation

How will this affect GlobalSign?

Roots	TLS Stop Issuance	Mozilla Bit Removal
GlobalSign Root R1	March 14, 2024	April 15, 2025
GlobalSign Root R3	March 15, 2026	April 15, 2027
GlobalSign Root R5 (ECC)	March 15, 2028	April 15, 2029
GlobalSign Root R6	November 09, 2028	December 10, 2029

What's Changing?

The following products will be modified as part of disabling TLS issuance from Root R1:

On October 30th, 2024, we will switch the CloudSSL RSA CA from the CloudSSL CA to the current TLS OV CA. See this page for details: https://support.globalsign.com/ca-certificates/intermediate-certificates/cloudssl-intermediate-certificates
On January 29, 2024, we will switch the AlphaSSL CA to a new CA that is issued from Root R6. See this page for details:
https://support.globalsign.com/ca-certificates/intermediate-certificates/alphassl-intermediate-certificates
Starting in September and concluding by February 2024, GlobalSign will individually transition a small set of existing legacy TLS OV customers that are using a TLS OV CA issued by Root R1 to using the "GlobalSign RSA Organization Validation CA-2018". See this page for details: https://support.globalsign.com/ca-certificates/intermediate-certificates/organizationssl-intermediate-certificates

We will announce plans for transitioning away from GlobalSign Root R3 as we get closer to 2026.

Products Impacted:

TLS: AlphaSSL, CloudSSL, and some TLS OV customer-specific configurations

DomainSSL Overview

Feb 28, 2020, 7:27 AM

An Overview of DomainSSL As one of the most popular SSL Certificates on the web, DomainSSL is one of the fastest and most affordable ways to activate strong SSL protection for your website. DomainSSL is fully automated which means you'll be able to start protecting your ecommerce, logins, webmail and more in just a few minutes, 24/7. keywords: domain ssl overview, domain ssl certificates, dv ssl certificates, dvssl, dv, ssl, domain overview

OrganizationSSL Overview

Mar 2, 2020, 7:38 AM

High assurance OrganizationSSL Certificates provide instant identity confirmation and strong SSL protection for your website. Your customers see that GlobalSign has authenticated your identity - strengthening their trust that they're doing business with the right people.

How to add DNS CAA record in a hosted DNS

Mar 8, 2020, 3:46 PM

This article will provide the guidelines in adding a Certification Authority Authorization (CAA) record in a hosted DNS. If this is not the solution you are looking for, please search for your solution in the search bar above. Note: If you have any issues or questions whether CAA is supported with your setup, contact your DNS manager for further details.

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support

If you are an Atlas portal user, please submit request to support-atlas@globalsign.com.

GlobalSign Support

Removal of TLS trust bit from Roots R1 and R3 by Mozilla