During April and June of 2025, the following Root certificates were distrusted for TLS by Mozilla Bug 1957685:
- Comodo AAA Services root
- Entrust.net Premium 2048 Secure Server CA
- Entrust Root Certification Authority - G4
- GlobalSign Root CA
- XRamp Global CA Root
This action was taken in accordance with Mozilla's CA/Root CA Lifecycles policy.
As of this writing, it appears many online services have not yet accounted for this change. The reason is unknown; either they failed to react to warnings from the CA that issued their certificate, or there were no warnings to begin with.
Kudos to Sectigo for informing the public and providing a followup on the situation.
🔗 The "Works in Firefox" Anomaly
You may wonder: Why can I connect to sites using a certificate signed by SSL.com TLS Transit ECC CA R2 (issued by Comodo AAA Services root) in Firefox, but not in curl, wget, openssl, or gnutls?
Mozilla has added a cross-signed intermediate replacement certificate directly into Firefox (note: this was not added to the standard NSS CA root store). This certificate replaces the original even when the server provides the old one, successfully building a valid trust chain.
🔗 I am affected—what do I do?
Client trying to reach an affected service
- REPORT it to the service! Keep it simple: "I can't connect to your service because your SSL certificates are outdated. Please update them." Link them to this post or the aforementioned Sectigo articles.
- REPORT it again for good measure!
- TEMPORARY WORKAROUND: You can temporarily add the needed certificate to your root trust store. However, I am intentionally not providing instructions here to discourage this practice.
Online service provider (host)
Contact your CA. They likely have a cross-signed intermediate certificate available as a replacement. The fix is often as simple as replacing the intermediate certificate your server provides with this new one.
If no new intermediate exists, you will likely need to have a new certificate issued. If your CA did not warn you about this situation and its implications in advance, I would strongly consider switching CAs.
| Root | Intermediate | Cross-signed Replacement |
|---|---|---|
| Comodo AAA Services root | SSL.com TLS Transit ECC CA R2 | View on crt.sh |
Table 1: Affected Root and Intermediate Certificates
If you have information on other chains, please send them to ca-issue@fkrenzel.cz.
🔗 Statement regarding ca-certificates in Fedora/RHEL
As the primary maintainer of ca-certificates in fedora and rhel, I want to clarify why we will not revert this change in the package.
Mozilla's reasons for their policy in short
Root certificates were previously issued with excessively long lifespans (up to 30 years). While the cryptographic algorithms and parameters used might be deemed secure today, they may not remain so in the near future. For root certificates, this risk is unacceptable. If an algorithm is compromised, it threatens a multitude of root certificates, severely impacting the global PKI infrastructure. Such a disaster would result in months of outages and require tremendous effort to recover.
Our main reason
Diverging from Mozilla would put our users at risk. We regard customer security with the utmost importance and are not willing to compromise it for the sake of convenience; doing so would be short-sighted. While our team possesses strong PKI knowledge, we defer to the global experts at Mozilla regarding root store security decisions. Therefore, we generally do not go against their decisions by "loosening security," as would be required here.
If we see the need to
There is only one technical workaround we can implement without severely compromising security: including the cross-signed intermediate certificate directly in the root store. However, I do not anticipate shipping such a change before early February. I doubt that the affected service providers will remain broken until then; they will likely fix the issue on their end, which is the correct solution anyway. That said, we will consider this specific workaround should this situation occur again in the future.