Closed
Bug 789321
Opened 12 years ago
Closed 12 years ago
new Mozilla Root cert
Categories
(www.mozilla.org :: General, defect)
www.mozilla.org
General
Tracking
(Not tracked)
VERIFIED
FIXED
Future
People
(Reporter: nmaul, Assigned: rik)
References
()
Details
(Whiteboard: [u=firefox-user c=bedrock p=1] [Due date: 2012-10-08])
Attachments
(2 files)
We are getting ready to update the Mozilla CA certificate, which is referenced on www.mozilla.org: https://wiki.mozilla.org/MozillaRootCertificate We'd like to be able to host both the old and new one simultaneously for a while, so that people can still verify certs signed by the old one... at least long enough for us to find them all and get them out of service. Perhaps the existing one could be renamed in some meaningful way (perhaps based on its origination date), and the new one could be put in place in the current location. I don't know where all it's linked to besides that wiki page, so that might be the best solution.
Reporter | ||
Comment 1•12 years ago
|
||
Matching .md5sum file, although the name in the file will be wrong if we rename things.
Updated•12 years ago
|
Component: Pages & Content → Bedrock
Comment 2•12 years ago
|
||
Jake: Is this what you are thinking? 1) Rename: https://www.mozilla.com/certs/mozilla-root.crt to https://www.mozilla.com/certs/mozilla-root-2007.crt 2) Upload new cert to: https://www.mozilla.com/certs/mozilla-root.crt
Updated•12 years ago
|
Target Milestone: --- → Future
Updated•12 years ago
|
Whiteboard: [u=firefox-user c=bedrock p=1]
Updated•12 years ago
|
Whiteboard: [u=firefox-user c=bedrock p=1] → [u=firefox-user c=bedrock p=1] [Due date: 2012-10-08]
Comment 3•12 years ago
|
||
This will need to be in place and live by October 9th for the release of Firefox 16.
Reporter | ||
Comment 4•12 years ago
|
||
(In reply to Chris More [:cmore] from comment #2) > Jake: Is this what you are thinking? > > 1) > Rename: https://www.mozilla.com/certs/mozilla-root.crt to > https://www.mozilla.com/certs/mozilla-root-2007.crt > > 2) > Upload new cert to: https://www.mozilla.com/certs/mozilla-root.crt Yep, that's pretty much it. However, note there is also a mozilla-root.crt.md5sum that should be updated as well. The exact same treatment should suffice.
Reporter | ||
Comment 5•12 years ago
|
||
Also: we have to be done with *our* bugs by Fx16 release. That means this has to be done much sooner, so that we have time to work on them. Specifically, we can't issue new certs signed by this new root cert until the new root cert is published and available for download. So this bug has to go first. A due date of Oct 8 is far too late for us to be able to do that.
Comment 6•12 years ago
|
||
Let's talk to Rik on Monday.
Assignee | ||
Comment 7•12 years ago
|
||
Updated the .htaccess to allow the new URL including 2007 to work. In trunk with r109170, stage with r109171 and prod with r109172.
Assignee | ||
Updated•12 years ago
|
Assignee: nobody → anthony
Component: Bedrock → General
Assignee | ||
Comment 8•12 years ago
|
||
And certs updated with r109173. Should be working in a few minutes at: http://www.mozilla.org/certs/mozilla-root.crt http://www.mozilla.org/certs/mozilla-root.crt.md5sum http://www.mozilla.org/certs/mozilla-root-2007.crt http://www.mozilla.org/certs/mozilla-root-2007.crt.md5sum
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Comment 9•12 years ago
|
||
verified fixed http://www.mozilla.org/certs/mozilla-root.crt http://www.mozilla.org/certs/mozilla-root-2007.crt
Status: RESOLVED → VERIFIED
Reporter | ||
Comment 10•12 years ago
|
||
Verified here also... both certs are correct, and the .md5sum files match what I was expecting (and match the crt files too, of course). Many thanks!
You need to log in
before you can comment on or make changes to this bug.
Description
•