Closed
Bug 1037823
Opened 10 years ago
Closed 8 years ago
Elektronik Bilgi Guvenligi: Issuing 1024 bit certificates
Categories
(CA Program :: CA Certificate Root Program, task)
CA Program
CA Certificate Root Program
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: kurt, Assigned: muhammet.kalaycilar)
References
Details
(Whiteboard: BR Compliance - 1024 bit certs)
Hi, I'm seeing 1024 bit certificates generated from the following root CA, directly to subscriber: C = TR O = Elektronik Bilgi Guvenligi A.S. CN = e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
Reporter | ||
Updated•10 years ago
|
Blocks: BR-Compliance
Reporter | ||
Updated•10 years ago
|
Whiteboard: BR Compliance - 1024 bit certs
Comment 1•10 years ago
|
||
Kathleen: can you assign this to the relevant CA contact? Gerv
Updated•10 years ago
|
Assignee: kwilson → muhammet.kalaycilar
Reporter | ||
Comment 2•9 years ago
|
||
I'm still seeing at least one issued in November 2014.
Reporter | ||
Comment 3•9 years ago
|
||
Generated in 2015: https://crt.sh/?id=7198093
Comment 4•8 years ago
|
||
I’m working at Electrionic Information Security Company (E-Güven) as a Quality and Process specialist.My name’s Nermin Güngör. What can we do to verify the root certificate? Note:we have management standard certification ETSI.
Comment 5•8 years ago
|
||
(In reply to Nermin Güngör from comment #4) > I’m working at Electrionic Information Security Company (E-Güven) as a > Quality and Process specialist.My name’s Nermin Güngör. What can we do to > verify the root certificate? > Note:we have management standard certification ETSI. You can get the 1024-bit cert in question by browsing to https://crt.sh/?id=7198093 In the "Certificate|ASN.1" section click on "Certificate:" to download the cert. I am closing this bug as fixed, because the "e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi" root cert was removed from Firefox 38 via Bug #1145270, so as far as Firefox is concerned, this issue has been resolved. After E-Guven has addressed all non-compliance with the CA/Browser Forum Baseline Requirements, E-Guven may re-apply for root inclusion by filing a new Bugzilla Bug as described here: https://wiki.mozilla.org/CA:How_to_apply
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Comment 6•8 years ago
|
||
Hi, Thank you for information. I shared our new certification, we're signing from the root. Please sorry for the delay. BEGIN CERTIFICATE----- MIIFQTCCBCmgAwIBAgIQWC7oW3XORCoaeibWzLlpnzANBgkqhkiG9w0BAQsFADB4 MQswCQYDVQQGEwJUUjEoMCYGA1UECgwfRWxla3Ryb25payBCaWxnaSBHdXZlbmxp Z2kgQS5TLjE/MD0GA1UEAww2RS1HVVZFTiBLb2sgRWxla3Ryb25payBTZXJ0aWZp a2EgSGl6bWV0IFNhZ2xheWljaXNpIFMzMB4XDTE2MDIwNDExMzY1NVoXDTE5MDMw ODE0NDM1NVowgYcxCzAJBgNVBAYTAlRSMREwDwYDVQQIEwhJU1RBTkJVTDERMA8G A1UEBxMISVNUQU5CVUwxKDAmBgNVBAoTH0VsZWt0cm9uaWsgQmlsZ2kgR3V2ZW5s aWdpIEEuUy4xCzAJBgNVBAsTAklUMRswGQYDVQQDExJjbGllbnQuamV0b25heS5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSuBLdsJ0NCOuSHFBd aCdxnZGgBYBgaAavOvvHykBRrpPJFgHPw1tEEDSZNBHPHMrsvzytuNdd6TB3DIc6 2ospMl40SKFcN4gF+Xe2IiSE9bBEL9cggPYv0njcILBlLcY4ZL3FRU+pSD3jsDYe rwQVYfvmw/3DNYtU0RG/65oSK64KUTXCVF4oxw0MPMAHPzLBUNDRrdSPiLZ8NlaS lDOhOiHeQ+GPlzOWvLE16AAg3NIWSVWki1PHmDI40PMiD3qishhAvcsJF0obvssi aerX8TW8aYdgG6a1yh/8pBwzwXeui96mqrUj3hSQvXji933LMDdUEshX+ju9BqXz SKitAgMBAAGjggG1MIIBsTB2BggrBgEFBQcBAQRqMGgwLgYIKwYBBQUHMAGGImh0 dHA6Ly9vY3NwMi5lLWd1dmVuLmNvbS9vY3NwLnh1ZGEwNgYIKwYBBQUHMAKGKmh0 dHA6Ly93d3cuZS1ndXZlbi5jb20vZG9jdW1lbnRzL0tPS1MzLmNydDAfBgNVHSME GDAWgBTidDP/GlZ5BUXYIcewKoqH56R4sDAJBgNVHRMEAjAAMGUGA1UdIAReMFww WgYEKgMEBTBSMBUGCCsGAQUFBwIBFgkxLjIuMy40LjUwOQYIKwYBBQUHAgIwLTAY FhFSZXBsYWNlIFRoaXMgVGV4dDADAgEBGhFSZXBsYWNlIFRoaXMgVGV4dDBWBgNV HR8ETzBNMEugSaBHhkVodHRwOi8vc2lsLmUtZ3V2ZW4uY29tL0VsZWt0cm9uaWtC aWxnaUd1dmVubGlnaUFTUm9vdFMzL0xhdGVzdENSTC5jcmwwHQYDVR0lBBYwFAYI KwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAdBgNVHQ4EFgQUAI4j eVGSU9dFzUu6pMsrGA0OEgEwDQYJKoZIhvcNAQELBQADggEBAGSELe08SwmIdTBf B9eqHDOU2yVsY6gAwsgHv39sVuW3siQ2UqpIDhnhhFDaiURmwQkBKBQ8LMffI3l9 QI9wFB1HnzIGkSXS1fy1TVd1vyNt8700mZXxWOcHo9BVeOvPq7SAtORU/LlecFX3 SN2J66tXu7A35iCyfoezn8tqkee23ossQEMsGZ0ZyqUbrzTWVqjVjmCXOl/O9BBQ Egk+pBkIVogC3jGu2uaPScBqeePv/6ei4dnAuKEMn6AZ6uHAkOAEkQvMi09Vi4co F1ILsoe1FZTr8OegnvhZQIOurrjS3bIHqoigQ/B0s7dP1fdB/v7R/zrcAS9EjZRY TLOmUYk= -----END CERTIFICATE----- C:\Users\gunay>cd.. C:\Users>cd.. C:\>Certutil –dump jetonay.cer X.509 Sertifikası: Sürüm: 3 Seri No: 582ee85b75ce442a1a7a26d6ccb9699f İmza Algoritması: Algoritma Nesne Kimliği: 1.2.840.113549.1.1.11 sha256RSA Algoritma Parametreleri: 05 00 Sertifikayı veren: CN=E-GUVEN Kok Elektronik Sertifika Hizmet Saglayicisi S3 O=Elektronik Bilgi Guvenligi A.S. C=TR NotBefore: 04.02.2016 13:36 NotAfter: 08.03.2019 16:43 Konu: CN=client.jetonay.com OU=IT O=Elektronik Bilgi Guvenligi A.S. L=ISTANBUL S=ISTANBUL C=TR Ortak Anahtar Algoritması: Algoritma Nesne Kimliği: 1.2.840.113549.1.1.1 RSA (RSA_SIGN) Algoritma Parametreleri: 05 00 Özel Anahtar Uzunluğu: 2048 bit Ortak Anahtar: UnusedBits = 0 0000 30 82 01 0a 02 82 01 01 00 d2 b8 12 dd b0 9d 0d 0010 08 eb 92 1c 50 5d 68 27 71 9d 91 a0 05 80 60 68 0020 06 af 3a fb c7 ca 40 51 ae 93 c9 16 01 cf c3 5b 0030 44 10 34 99 34 11 cf 1c ca ec bf 3c ad b8 d7 5d 0040 e9 30 77 0c 87 3a da 8b 29 32 5e 34 48 a1 5c 37 0050 88 05 f9 77 b6 22 24 84 f5 b0 44 2f d7 20 80 f6 0060 2f d2 78 dc 20 b0 65 2d c6 38 64 bd c5 45 4f a9 0070 48 3d e3 b0 36 1e af 04 15 61 fb e6 c3 fd c3 35 0080 8b 54 d1 11 bf eb 9a 12 2b ae 0a 51 35 c2 54 5e 0090 28 c7 0d 0c 3c c0 07 3f 32 c1 50 d0 d1 ad d4 8f 00a0 88 b6 7c 36 56 92 94 33 a1 3a 21 de 43 e1 8f 97 00b0 33 96 bc b1 35 e8 00 20 dc d2 16 49 55 a4 8b 53 00c0 c7 98 32 38 d0 f3 22 0f 7a a2 b2 18 40 bd cb 09 00d0 17 4a 1b be cb 22 69 ea d7 f1 35 bc 69 87 60 1b 00e0 a6 b5 ca 1f fc a4 1c 33 c1 77 ae 8b de a6 aa b5 00f0 23 de 14 90 bd 78 e2 f7 7d cb 30 37 54 12 c8 57 0100 fa 3b bd 06 a5 f3 48 a8 ad 02 03 01 00 01 Sertifika Uzantıları: 8 1.3.6.1.5.5.7.1.1: Bayraklar = 0, Uzunluk = 6a Yetkili Bilgi Erişimi [1]Yetkili Bilgi Erişimi Erişim Yöntemi=Çevrimiçi Sertifika Durum Protokolü (1.3.6.1.5.5 8.1) Diğer Ad: URL=http://ocsp2.e-guven.com/ocsp.xuda [2]Yetkili Bilgi Erişimi Erişim Yöntemi=Sertifika Yetkilisi Yayımcısı (1.3.6.1.5.5.7.48. Diğer Ad: URL=http://www.e-guven.com/documents/KOKS3.crt 2.5.29.35: Bayraklar = 0, Uzunluk = 18 Yetkili Anahtarı Tanımlayıcısı AnahtarKimliği=e2 74 33 ff 1a 56 79 05 45 d8 21 c7 b0 2a 8a 87 e7 a4 b0 2.5.29.19: Bayraklar = 0, Uzunluk = 2 Temel Kısıtlamalar Konu Türü=Son Varlık Yol Uzunluğu Kısıtlaması=Yok 2.5.29.32: Bayraklar = 0, Uzunluk = 5e Sertifika İlkeleri [1]Sertifika İlkesi: İlke Tanımlayıcısı=1.2.3.4.5 [1,1]İlke Niteleyicisi Bilgisi: İlke Niteleyicisi Kimliği=CPS Niteleyici= 1.2.3.4.5 [1,2]İlke Niteleyicisi Bilgisi: İlke Niteleyicisi Kimliği=Kullanıcı Uyarısı Niteleyici= Uyarı Tercihi: Kuruluş=Replace This Text Uyarı Numarası=1 Uyarı Metni=Replace This Text 2.5.29.31: Bayraklar = 0, Uzunluk = 4f CRL Dağıtım Noktaları [1]CRL Dağıtım Noktası Dağıtım Noktası Adı: Tam Ad: URL=http://sil.e-guven.com/ElektronikBilgiGuvenligiAS S3/LatestCRL.crl 2.5.29.37: Bayraklar = 0, Uzunluk = 16 Gelişmiş Anahtar Kullanımı Sunucu Kimlik Doğrulaması (1.3.6.1.5.5.7.3.1) İstemci Kimlik Doğrulaması (1.3.6.1.5.5.7.3.2) 2.5.29.15: Bayraklar = 1(Kritik), Uzunluk = 4 Anahtar Kullanımı Dijital İmza, Anahtar Şifreleme (a0) 2.5.29.14: Bayraklar = 0, Uzunluk = 16 Konu Anahtarı Tanımlayıcısı 00 8e 23 79 51 92 53 d7 45 cd 4b ba a4 cb 2b 18 0d 0e 12 01 İmza Algoritması: Algoritma Nesne Kimliği: 1.2.840.113549.1.1.11 sha256RSA Algoritma Parametreleri: 05 00 İmza: UnusedBits=0 0000 89 51 a6 b3 4c 58 94 8d 44 2f 01 dc 3a ff d1 fe 0010 fe 41 f7 d5 4f b7 b3 74 f0 43 a0 88 aa 07 b2 dd 0020 d2 b8 ae ae 83 40 59 f8 9e a0 e7 f0 eb 94 15 b5 0030 87 b2 0b 52 17 28 87 8b 55 4f 8b cc 0b 91 04 e0 0040 90 c0 e1 ea 19 a0 9f 0c a1 b8 c0 d9 e1 a2 a7 ff 0050 ef e3 79 6a c0 49 8f e6 da ae 31 de 02 88 56 08 0060 19 a4 3e 09 12 50 10 f4 ce 5f 3a 97 60 8e d5 a8 0070 56 d6 34 af 1b a5 ca 19 9d 19 2c 43 40 2c 8b de 0080 b6 e7 91 6a cb 9f b3 87 7e b2 20 e6 37 b0 bb 57 0090 ab eb 89 dd 48 f7 55 70 5e b9 fc 54 e4 b4 80 b4 00a0 ab cf eb 78 55 d0 a3 07 e7 58 f1 95 99 34 bd f3 00b0 6d 23 bf 75 57 4d b5 fc d5 d2 25 91 06 32 9f 47 00c0 1d 14 70 8f 40 7d 79 23 df c7 2c 3c 14 28 01 09 00d0 c1 66 44 89 da 50 84 e1 19 0e 48 aa 52 36 24 b2 00e0 b7 e5 56 6c 7f bf 07 c8 c2 00 a8 63 6c 25 db 94 00f0 33 1c aa d7 07 5f 30 75 88 09 4b 3c ed 2d 84 64 Kök Olmayan Sertifika Anahtar Kimliği Karması(rfc-sha1): 00 8e 23 79 51 92 53 d7 45 cd 4b ba a4 cb 18 0d 0e 12 01 Anahtar Kimliği Karması(sha1): 35 aa 2e 68 59 12 70 4c 81 e0 a6 f4 bf f0 5a 9 73 1d 8f Sertifika Karması(md5): 32 46 a4 94 18 e9 4c 78 a3 fc 38 1b 93 ae e4 38 Sertifika Karması(sha1): 79 da 2c 2a ff 20 cf e7 89 7d 7c dd c6 65 43 0d 44 0 fd CertUtil: -dump komutu başarıyla tamamlandı. C:\>
Updated•7 years ago
|
Product: mozilla.org → NSS
Updated•1 year ago
|
Product: NSS → CA Program
You need to log in
before you can comment on or make changes to this bug.
Description
•