The following root certificate has expired, so please remove it from NSS. Issuer field: O = (c) 2005 TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. L = ANKARA C = TR CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı SHA-1 Fingerprint: 79:98:A3:08:E1:4D:65:85:E6:C2:1E:15:3A:71:9F:BA:5A:D3:4A:D9 This root certificate has all three trust bits enabled; Websites (SSL/TLS), Email (S/MIME), and Code Signing. It is not enabled for EV treatment. The CA has concurred that this root certificate has been phased out and may be removed from NSS.
The test build is here: https://firstname.lastname@example.org I have verified that the root cert listed above has been removed.