March 2016 CA Communication

ACTION #1b: Enter the date when all of the SHA-1 based TLS/SSL (end-entity) certificates that chain up to your root certificates included in Mozilla's CA Certificate Program will either expire or be revoked (use format MM/DD/YYYY). If your included root certificates do not have the Websites trust bit enabled or you have never issued SHA-1 TLS/SSL certificates chaining up to included root certs, then enter 04/01/2016. As previously communicated, we plan to show the “Untrusted Connection” error whenever a SHA-1 certificate is encountered in Firefox after January 1, 2017. We recommend that you put safeguards into place that will prevent the future issuance of SHA-1 based TLS/SSL and S/MIME certificates and SHA-1 based intermediate certificates that chain up to your root certificates included in Mozilla's CA Certificate Program.
ACTION #1b TEXT INPUT: Use this section if you need to specify different dates for different root certificates included in Mozilla's CA Certificate Program, or if there is additional clarification you would like to provide.

| CA Owner | Response (ACTION #1b date) | Response (ACTION #1b TEXT INPUT) |
|---|---|---|
| AC Camerfirma, S.A. | 2019 Feb 15 | |
| Actalis | 2016 Dec 31 | |
| Amazon Trust Services | 2016 Apr 1 | |
| Asseco Data Systems S.A. (previously Unizeto Certum) | 2018 Jan 6 | |
| Atos | 2016 Apr 1 | |
| Autoridad de Certificacion Firmaprofesional | 2016 Nov 1 | |
| Buypass | 2016 Dec 23 | |
| Certicámara | 2018 Jan 1 | |
| Certinomis / Docapost | 2016 Jan 27 | PKI SHA2: 04/01/2016 (never issued SHA1); PKI SHA1: 10/12/2016 |
| China Financial Certification Authority (CFCA) | 2016 Apr 1 | We have NO SHA-1 root included in Mozilla. That is: we never issue SHA-1 certificates with a root included in Mozilla. |
| China Internet Network Information Center (CNNIC) | 2017 Dec 4 | |
| Chunghwa Telecom | 2018 Feb 6 | We still have 16 TLS/SSL certificates that we have communicated to those customers that we can offer them new SHA 256 SSL certificates to replace their original SHA-1 SSL certificates without extra charge, but they have not yet agreed to replace. We plan to communicate with them again this year. And we plan to revoke those certificates before 2016-12-31. |
| ComSign | 2016 Apr 1 | |
| Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) | 2016 Sep 30 | |
| Cybertrust Japan / JCSI | 2016 Apr 1 | |
| D-TRUST | 2016 Apr 1 | |
| Deutscher Sparkassen Verlag GmbH (S-TRUST, DSV-Gruppe) | 2016 Apr 1 | |
| Dhimyotis / Certigna | 2016 Apr 1 | |
| DigiCert | 2021 Jan 1 | |
| Disig, a.s. | 2016 Feb 16 | |
| DocuSign (OpenTrust/Keynectis) | 2018 Dec 18 | |
| E-Tugra | 2016 Aug 14 | |
| EDICOM | 2017 Aug 29 | |
| Entrust | 2019 Mar 30 | |
| GlobalSign | 2019 May 31 | |
| GoDaddy | 2021 May 9 | |
| Government of France (ANSSI, DCSSI) | 2016 Dec 31 | |
| Government of Hong Kong (SAR), Hongkong Post, Certizen | 2017 Dec 3 | At the moment, there are only a few certificates that are valid beyond Jan 1, 2017. We plan to have them revoked by 31 Dec 2016. |
| Government of Japan, Ministry of Internal Affairs and Communications | 2017 Mar 31 | Currently, we are migrating from SHA-1 to SHA-2. Estimated completion date is 2017-3-31. |
| Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) | 2017 Jan 1 | |
| Government of Taiwan, Government Root Certification Authority (GRCA) | 2016 May 31 | |
| Government of The Netherlands, PKIoverheid (Logius) | 2016 Apr 1 | See previous statement. |
| Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) | 2016 Dec 17 | |
| HARICA | 2017 Mar 31 | |
| IdenTrust Services, LLC | 2016 Dec 31 | |
| Izenpe S.A. | 2016 Dec 31 | |
| Krajowa Izba Rozliczeniowa S.A. (KIR) | 2016 Apr 1 | |
| Microsec Ltd. | 2016 Oct 17 | |
| NetLock Ltd. | 2016 Dec 31 | |
| PROCERT | 2011 Dec 31 | |
| QuoVadis | 2018 Dec 28 | All Root CA2 SHA-1 SSL expire by 1/12/2017. Root CA has SHA-1 SSL expiring up to 12/28/2018. Single client/limited volumes, not browser dependent, not internet facing. QV is approaching customers re early replacement of these certificates. |
| RSA the Security Division of EMC | 2017 Dec 17 | |
| SECOM Trust Systems CO., LTD. | 2019 Sep 13 | We are planning and communicating with customers who have the SHA-1 TLS/SSL certificates beyond January 2017 to be replaced by SHA-2 before the end of this year. |
| SK ID Solutions AS | 2016 Jan 7 | |
| Sectigo | 2020 May 30 | |
| SecureTrust | 2018 Dec 10 | |
| Start Commercial (StartCom) Ltd. | 2016 Dec 31 | |
| SwissSign AG | 2019 Oct 9 | 12/18/2017 --> Issuing CA is Server Gold G2 --> Root CA - SwissSign Gold G2 (OV); 09/10/2019 --> Issuing CA is Server Silver G2 --> Root is SwissSign Silver G2 (DV). We informed all customers that they should change the certificates from SHA1 to SHA2. We also reconfigured our systems in that way - that we are using new Issuing CAs since December 2014. These CAs are only issuing SHA256 certificates. It is technically not possible to issue SHA1 certificates with these CAs. |
| Swisscom (Switzerland) Ltd | 2017 Nov 27 | SHA-1 S/MIME certificates are still being issued since one of our customers did not fully migrate to SHA-256 yet. Deadline for this migration is 06/30/2016, from this date on, no more SHA-1 based S/MIME certificates will be issued. |
| Symantec | 2019 Sep 22 | Root: MAX(VALID_END_DATE); Equifax Secure Certificate Authority: 6/2/2017; GeoTrust Global CA: 9/22/2019; GeoTrust Primary Certification Authority: 12/18/2016; VeriSign Class 3 Public Primary Certification Authority - G5: 3/7/2019; thawte Primary Root CA: 2/14/2019 |
| T-Systems International GmbH (Deutsche Telekom) | 2019 Jul 10 | |
| Taiwan-CA Inc. (TWCA) | 2016 Dec 31 | |
| Telia Company (formerly TeliaSonera) | 2016 Dec 31 | |
| Trend Micro | 2016 Dec 31 | |
| Trustis | 2016 Dec 15 | |
| TurkTrust | 2017 Oct 1 | |
| Visa | 2016 Dec 31 | |
| WISeKey | 2016 Dec 31 | |
| Web.com | 2014 Oct 28 | |
| Wells Fargo Bank N.A. | 2016 Dec 31 | |
| WoSign CA Limited | 2020 Jan 7 | |
| certSIGN | 2016 Jul 6 | |