replace www.mozilla.org & download.mozilla.org certs with a non-sha1 cert

RESOLVED DUPLICATE of bug 1064387

Status

Infrastructure & Operations
WebOps: SSL and Domain Names
RESOLVED DUPLICATE of bug 1064387
2 years ago
2 years ago

People

(Reporter: bhearsum, Unassigned)

Tracking

Details

(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/1372] )

(Reporter)

Description

2 years ago
sha-1 cert support is vulnerable to collision attacks and is being deprecated (https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/). We should make sure all parts of our product delivery pipeline are not using sha-1. We're taking care of the update server and code signing in bugs 1116409 and 1079858 respectively, and I think www.mozilla.org and download.mozilla.org are the last pieces.

Updated

2 years ago
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/1372]

Comment 1

2 years ago
Right now I am proposing to do this when the current certificate expire at the end of 2015 and end XP SP2 suppot completely when moving to VS2015 next year.
(Reporter)

Comment 2

2 years ago
bug 1064387 was filed awhile back about this, and has a lot more background.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1064387
You need to log in before you can comment on or make changes to this bug.