Closed
Bug 1026128
Opened 11 years ago
Closed 9 years ago
GDT: Issuing 1024 bit certificates
Categories
(CA Program :: CA Certificate Root Program, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: kurt, Assigned: steve.medin)
Details
(Whiteboard: BR Compliance)
I'm still seeing a 1024 bit certificate generated in June from the following trust path:
CN = GTE CyberTrust Global Root, OU = "GTE CyberTrust Solutions, Inc.", O = GTE Corporation, C = US
CN = GDT-SubCA-Public
CN = GDT-EntSubCA-Public, DC = ad, DC = guidant, DC = com
Reporter
Updated•11 years ago
Summary: GDT: Issuing 1024 certificates → GDT: Issuing 1024 bit certificates
Updated•11 years ago
Blocks: BR-Compliance
Updated•11 years ago
Assignee: kwilson → steve.medin
Whiteboard: BR Compliance
Assignee
Comment 1•11 years ago
Customers who continue to use the GTE CyberTrust Global Root do not require trust in Firefox. While the root will remain under WebTrust audit, it will transition to treatment as a private community PKI. Customers are entitled to issue certificates under the GTE root that suit the abilities of their environment. In some cases, this may involve hard-coded trust chains, firmware embedments that are fielded and incapable of remote update, or in rare cases, dependency on 1024-bit support.
Given the extension of trust of the GTE root to September, we will contact Boston Scientific (formerly Guidant) and respond further regarding this matter.
Comment 2•11 years ago
Re comment #2: I infer that the GTE CyberTrust Global Root might thus be removed from NSS. Is this correct?
Comment 3•11 years ago
(In reply to David E. Ross from comment #2)
> Re comment #2: I infer that the GTE CyberTrust Global Root might thus be
> removed from NSS. Is this correct?
Oops! That should have been Re comment #1.
Assignee
Comment 4•11 years ago
Yes, David, but now not until September, so this creates plenty of time where the certificates are not compliant with end-entity requirements, and therefore we are taking action to notify Boston Scientific. It is true that the GTE CyberTrust Global Root is due for removal at FF32.
Assignee
Comment 5•11 years ago
Plan communicated from customer with timing explanations is provided below.
---
We have created a plan internally at BSC which will have us completing the retirement of these certificates by the end of September 2014. After performing a review in the last couple of weeks of existing certificates, we find that we have 19 that are active. These certificates support an array of applications and services which are vital to our company's ongoing operations, and we need to be prudent and planful in our conversion and yet mindful of completing the task per the request from Verizon and Mozilla.
Our action plan is –
1. We have identified the internal owners of each of these sites
2. Working with those owners we will create new certificate request files and sign them via the Verizon CA
3. BSC has a designated maintenance window every 2nd and 4th Saturday evening of the month and we will work with the site owners to convert their sites at that time
4. This work will be completed by the end of September
The common names on the offending certificates are:
General Use (external)
------------------------------
TrialData.BSCI.com
ValTrialData.BSCI.com
BSC Only (Authorization Required)
----------------------------------------------
accesslab.bsci.com
citrix.bsci.com
ecert.bsdmzds.com
elnprod.bsci.bossci.com
gatekeeper.stp.guidant.com
iqscitrix-crm.ad.guidant.com
iqscitrixbackup-crm.ad.guidant.com
mapdmsapn01.bsci.bossci.com
natcit01
natdatatrans.bsci.com
NATFTP01
remoteapps.bostonscientific.com
sara.bostonscientific.com
sara2.bostonscientific.com
secureauth.bsci.com
stpcrisdn01.bsci.bossci.com
STPIBM1683USVAL.stpibm1683.stp.guidant.com
Comment 6•11 years ago
Removal of the GTE CyberTrust root is bug 1047011.
Gerv
Comment 7•9 years ago
Please close this bug as having been resolved by removal of the GTE Cybertrust Root from NSS.
Updated•9 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Updated•8 years ago
Product: mozilla.org → NSS
Updated•3 years ago
Product: NSS → CA Program