

20221006 - Mozilla modifies its root management policy

Mozilla recently announced a change in its root management policy. That policy determines whether a root can be included in the root store used by the company's browsers.

Roots that don't meet the policy are removed.

A root's life cycle

Mozilla decided to limit the use of a root to 10 years. In doing so, Mozilla hopes to encourage cryptographic agility, address advancements in computing, and facilitate the transition to better algorithms.

The limit is also warranted because older roots may have been created with older technologies, policies, and practices that are no longer in use.

Consequences

These changes will lead to the removal of roots that are more than 15 years old from Mozilla's root stores, starting in 2025, according to a precise schedule:

| Date of root creation | Date of root removal |
|---|---|
| before 2006 | April 15, 2025 |
| between 2006 and 2007 | April 15, 2026 |
| between 2008 and 2009 | April 15, 2027 |
| between 2010 and 2011 | April 15, 2028 |
| between 2012 and April 15, 2014 | April 15, 2029 |
| after April 15, 2014 | 15 years from creation |

Case of S/MIME certificates

The same rules apply for S/MIME roots except that they can be used for 18 years after their creation.

A specific calendar will be followed. It will start in 2028:

| Date of root creation | Date of root removal |
|---|---|
| before 2006 | April 15, 2028 |
| between 2006 and 2007 | April 15, 2029 |
| between 2008 and 2009 | April 15, 2030 |
| between 2010 and 2011 | April 15, 2031 |
| between 2012 and April 15, 2014 | April 15, 2032 |
| after April 15, 2014 | 18 years from creation |

Why 15 years?

Root inclusion is a long process that takes 2 to 3 years. A transition period is then needed to switch from an old root to a new one. Therefore, a 15-year term allows for approximately 10 years of root CA use within the Mozilla root store.

What impact for your certificates?

An older root is often widely recognized and gives your certificates better recognition. Switching to a newer one will affect how widely browsers recognize your SSL certificates.

All DV, OV and EV certificates issued on a SHA1 root are affected.

List of impacted roots

| Root name | Date of root removal |
|---|---|
| Sectigo AAA Certificate Services | April 15, 2025 |
| GlobalSign Root CA | April 15, 2025 |
| DigiCert Assured ID Root CA | April 15, 2026 |
| DigiCert Global Root CA | April 15, 2026 |
| DigiCert High Assurance EV Root CA | April 15, 2026 |
