Removal of TLS trust bit from Roots R1 and R3 by Mozilla
Aug 15, 2023
Removal of TLS trust bit from Roots R1 and R3 by Mozilla
Mozilla Announcement
Mozilla has announced their plans to start removing the TLS and Secure Mail trust bits from all of the older Roots in their root program. Mozilla will be removing website and S/MIME trust bits from Roots according to the following schedule:
| Key Material Created | Removal of Websites Trust Bit | Removal of S/MIME Trust Bit |
|---|---|---|
| Before 2006 | April 15, 2025 | April 15, 2028 |
| 2006-2007 | April 15, 2026 | April 15, 2029 |
| 2008-2009 | April 15, 2027 | April 15, 2029 |
| 2010-2011 | April 15, 2028 | April 15, 2031 |
| 2012- April 14, 2014 | April 15, 2029 | April 15, 2032 |
| April 15, 2014 - present | 15 years from creation | 18 years from creation |
How will this affect GlobalSign?
| Roots | TLS Stop Issuance | Mozilla Bit Removal |
|---|---|---|
| GlobalSign Root R1 | March 14, 2024 | April 15, 2025 |
| GlobalSign Root R3 | March 15, 2026 | April 15, 2027 |
| GlobalSign Root R5 (ECC) | March 15, 2028 | April 15, 2029 |
| GlobalSign Root R6 | November 09, 2028 | December 10, 2029 |
What's Changing?
The following products will be modified as part of disabling TLS issuance from Root R1:
-
On October 30th, 2024, we will switch the CloudSSL RSA CA from the CloudSSL CA to the current TLS OV CA. See this page for details: https://support.globalsign.com/ca-certificates/intermediate-certificates/cloudssl-intermediate-certificates
-
On January 29, 2024, we will switch the AlphaSSL CA to a new CA that is issued from Root R6. See this page for details:
https://support.globalsign.com/ca-certificates/intermediate-certificates/alphassl-intermediate-certificates -
Starting in September and concluding by February 2024, GlobalSign will individually transition a small set of existing legacy TLS OV customers that are using a TLS OV CA issued by Root R1 to using the "GlobalSign RSA Organization Validation CA-2018". See this page for details: https://support.globalsign.com/ca-certificates/intermediate-certificates/organizationssl-intermediate-certificates
We will announce plans for transitioning away from GlobalSign Root R3 as we get closer to 2026.
Products Impacted:
- TLS: AlphaSSL, CloudSSL, and some TLS OV customer-specific configurations
Related Articles
SSL Configuration Test
Check your certificate installation for SSL issues and vulnerabilities.