diff --git a/scripts/policy/protocols/ssl/notary.zeek b/scripts/policy/protocols/ssl/notary.zeek
index 422d5e2e0c..67f8734d41 100644
--- a/scripts/policy/protocols/ssl/notary.zeek
+++ b/scripts/policy/protocols/ssl/notary.zeek
@@ -1,3 +1,5 @@
+@deprecated("Remove in v5.1. Please switch to other more modern approaches like SCT validation (validate-sct.zeek).")
+
 @load base/protocols/ssl
 module CertNotary;
diff --git a/scripts/site/local.zeek b/scripts/site/local.zeek
index 2acd297c47..87838e4bee 100644
--- a/scripts/site/local.zeek
+++ b/scripts/site/local.zeek
@@ -67,10 +67,6 @@ redef digest_salt = "Please change this value.";
 # This script prevents the logging of SSL CA certificates in x509.log
 @load protocols/ssl/log-hostcerts-only
-# Uncomment the following line to check each SSL certificate hash against the ICSI
-# certificate notary service; see http://notary.icsi.berkeley.edu .
-# @load protocols/ssl/notary
-
 # If you have GeoIP support built in, do some geographic detections and
 # logging for SSH traffic.
 @load protocols/ssh/geo-data
diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors
index eab45fe321..b9ef0f93a3 100644
--- a/testing/btest/Baseline/coverage.bare-mode-errors/errors
+++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors
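Review bot: The `@deprecated` message added at the top of notary.zeek names the replacement only as a file (`validate-sct.zeek`), which an operator cannot paste into a site policy; quoting the load form, e.g. `@load protocols/ssl/validate-sct`, would make the warning actionable. A short comment under the directive should also say that SCT validation is not a drop-in replacement: per the comment this commit removes from local.zeek, the notary script checks each certificate hash against an external service, while SCT validation checks Certificate Transparency proofs, so sites that alert on notary results need to rework those detections before v5.1. The rest of notary.zeek lies outside this hunk, so which log fields disappear with it is not visible here.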
@@ -3,3 +3,5 @@ warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:44 ("Remove in v5.1. OCSP logging is now disabled by default") warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:44 ("Remove in v5.1. OCSP logging is now disabled by default") warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from command line arguments ("Remove in v5.1. OCSP logging is now disabled by default") +warning in <...>/notary.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:4 ("Remove in v5.1. Please switch to other more modern approaches like SCT validation (validate-sct.zeek).") +warning in <...>/notary.zeek, line 1: deprecated script loaded from command line arguments ("Remove in v5.1. Please switch to other more modern approaches like SCT validation (validate-sct.zeek).")