We do not have a good way to add malformed certificates like this to the CCADB -- the import tool that we provide gives an error message. We would have to ask our Salesforce admin to manually add these certs to the CCADB, but I am concerned about the side effects of having such certs in the system. Also, I checked with a Mozilla engineer, who said: "Firefox rejects those CAs with SEC_ERROR_INADEQUATE_KEY_USAGE, which is not overridable, so I don't see much of a benefit to putting them in OneCRL." Therefore, I would like to **not** add these certificates to the CCADB. Please let me know if that will cause problems for anyone. Thanks, Kathleen
Bug 1718991 Comment 7 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
I checked with a Mozilla engineer, who said: "Firefox rejects those CAs with SEC_ERROR_INADEQUATE_KEY_USAGE, which is not overridable, so I don't see much of a benefit to putting them in OneCRL." Therefore, I would like to **not** add these certificates to the CCADB. Please let me know if that will cause problems for anyone. Thanks, Kathleen