Hi folks, Certificate Transparency is an important part of the web PKI that enables the detection of misissued certificates. Starting in Firefox 135, Certificate Transparency is now enforced on all desktop platforms. This means that Firefox now requires that TLS web server certificates issued from roots in Mozilla's Root CA program be accompanied by sufficient Certificate Transparency information (essentially, 2 SCTs) in order for TLS connections to succeed. Otherwise, Firefox will show the error " MOZILLA_PKIX_ERROR_INSUFFICIENT_CERTIFICATE_TRANSPARENCY".
In practice, this should require no particular changes on the part of website operators. If your site works in Chrome and Safari, it should work in Firefox as well. However, if you were making use of policies to exempt certain internal certificates or domains from CT, you will need to apply those policies to Firefox as well. See https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency#Enterprise_Policies If you encounter any issues, please let us know or file a bug directly: https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Security%3A%20PSM Thank you, Dana -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-policy+unsubscr...@mozilla.org. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAHP1u2ibhTB4r5YMZ6GNGo4Cr%2B5HQN3w-ULip6_ayX1aAzsH7A%40mail.gmail.com.
