Websites Trust Bit Removals for 2027

[Ben Wilson]

All,

Below, for your review, are the root CAs with website trust bit removals scheduled for April 2027.  Please let me know if you have any questions or corrections.

Thanks,

Ben

CA Operator	Root Certification Authority	SHA-256 Hash
Sectigo	COMODO ECC Certification Authority	1793927A0614549789ADCE2F8F34F7F0B66D0F3AE3A3B84D21EC15DBBA4FADC7
TAIWAN-CA	TWCA Root Certification Authority	BFD88FE1101C41AE3E801BF8BE56350EE9BAD1A6B9BD515EDC5C6D5B8711AC44
T-Systems Enterprise Services GmbH	T-TeleSec GlobalRoot Class 3	FD73DAD31C644FF1B43BEF0CCDDA96710B9CD9875ECA7E31707AF3E96D522BBD
T-Systems Enterprise Services GmbH	T-TeleSec GlobalRoot Class 2	91E2F5788D5810EBA7BA58737DE1548A8ECACD014598BC0B143E041B17052552
Asseco Data Systems S.A. (Certum)	Certum Trusted Network CA	5C58468D55F58E497E743982D2B50010B6D165374ACF83A7D4A32DB768C4408E
Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT)	FNMT-RCM - SHA256	EBC5570C29018C4D67B1AA127BAF12F703B4611EBC17B7DAB5573894179B93FA
NetLock Kft.	NetLock Arany (Class Gold) Főtanúsítvány	6C61DAC3A2DEF031506BE036D2A6FE401994FBD13DF9C8D466599274C446EC98
GlobalSign nv-sa	GlobalSign Root CA - R3	CBB522D7B7F127AD6A0113865BDF1CD4102E7D0759AF635A7CF4720DC963C53B
Autoridad de Certificacion Firmaprofesional	Autoridad de Certificacion Firmaprofesional CIF A62634068	04048028BF1F2864D48F9AD4D83294366A828856553F3B14303F90147F5D40EF
SECOM Trust Systems CO.,LTD.	Security Communication RootCA2	513B2CECB810D4CDE5DD85391ADFC6C2DD60D87BB736D2B521484AA47A0EBEF6
Microsec Ltd.	Microsec e-Szigno Root CA 2009	3C5F81FEA5FAB82C64BFA2EAECAFCDE8E077FC8620A7CAE537163DF36EDBF378
Amazon Trust Services	Starfield Services Root Certificate Authority - G2	568D6905A2C88708A4B3025190EDCFEDB1974A606A13C6E5290FCB2AE63EDAB5
GoDaddy.com, Inc.	Go Daddy Root Certificate Authority - G2	45140B3247EB9CC8C5B4F0D7B53091F73292089E6E5A63E2749DD3ACA9198EDA
GoDaddy.com, Inc.	Starfield Root Certificate Authority - G2	2CE1CB0BF9D2F9E102993FBE215152C3B2DD0CABDE1C68E5319B839154DBB7F5
D-Trust GmbH	D-TRUST Root Class 3 CA 2 2009	49E7A442ACF0EA6287050054B52564B650E4F49E42E348D6AA38E039E957B1C1
D-Trust GmbH	D-TRUST Root Class 3 CA 2 EV 2009	EEC5496B988CE98625B934092EEC2908BED0B0F316C2D4730C84EAF1F3D34881

[Rob Stradling]

> Please let me know if you have any questions or corrections.

Hi Ben.  Per Sectigo's "Transition Plan for Existing Dual-Purpose Roots" (https://bugzilla.mozilla.org/show_bug.cgi?id=2017182#c0), we're expecting 5 roots (not just "COMODO ECC Certification Authority") belonging to Sectigo to lose the Website trust bit in April 2027:

• COMODO ECC Certification Authority.
• COMODO RSA Certification Authority.
• USERTrust ECC Certification Authority.
• USERTrust RSA Certification Authority.
• Entrust Root Certification Authority - G2.

---

From: 'Ben Wilson' via dev-secur...@mozilla.org <dev-secur...@mozilla.org>
Sent: 06 May 2026 18:31
To: dev-secur...@mozilla.org <dev-secur...@mozilla.org>
Subject: Websites Trust Bit Removals for 2027

 

All, Below, for your review, are the root CAs with website trust bit removals scheduled for April 2027. Please let me know if you have any questions or corrections. Thanks, Ben CA Operator Root Certification Authority SHA-256 Hash Sectigo COMODO

ZjQcmQRYFpfptBannerStart

This Message Is From an External Sender

This message came from outside your organization.

Report Suspicious

 

ZjQcmQRYFpfptBannerEnd

--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaadussXYT_qZNgLz0%3DxxVS5HdRP%2BZO_PUJdx8nbxtiBhg%40mail.gmail.com.

[Ben Wilson]

Thanks, Rob

I'll update my table here - https://wiki.mozilla.org/CA/Root_CA_Lifecycles#2027_Websites_Trust_Bit_Removals and Bug #2037523.

Ben