Closed
Bug 1359515
Opened 8 years ago
Closed 8 years ago
Change trust bits for Swisscom Root CA 2 root cert, and remove two other Swisscom root certs
Categories
(NSS :: CA Certificates Code, task)
NSS
CA Certificates Code
Tracking
(Not tracked)
RESOLVED
FIXED
3.32
People
(Reporter: kathleen.a.wilson, Unassigned)
References
Details
Please make the following changes in NSS.
1) Turn off the Websites and Code trust bits for the "Swisscom Root CA 2" root certificate
Issuer Common Name: Swisscom Root CA 2
SHA-1 Fingerprint: 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC
SHA-256 Fingerprint: F0:9B:12:2C:71:14:F4:A0:9B:D4:EA:4F:4A:99:D5:58:B4:6E:4C:25:CD:81:14:0D:29:C0:56:13:91:4C:38:41
2) Remove the "Swisscom Root CA 1" root certificate
Issuer Common Name: Swisscom Root CA 1
Digital Certificate Services
SHA-1 Fingerprint: 5F:3A:FC:0A:8B:64:F6:86:67:34:74:DF:7E:A9:A2:FE:F9:FA:7A:51
SHA-256 Fingerprint: 21:DB:20:12:36:60:BB:2E:D4:18:20:5D:A1:1E:E7:A8:5A:65:E2:BC:6E:55:B5:AF:7E:78:99:C8:A2:66:D9:2E
3) Remove the "Swisscom Root EV CA 2" root certificate
Issuer Common Name: Swisscom Root EV CA 2
SHA-1 Fingerprint: E7:A1:90:29:D3:D5:52:DC:0D:0F:C6:92:D3:EA:88:0D:15:2E:1A:6B
SHA-256 Fingerprint: D9:5F:EA:3C:A4:EE:DC:E7:4C:D7:6E:75:FC:6D:1F:F6:2C:44:1F:0F:A8:BC:77:F0:34:B1:9E:5D:B2:58:01:5D
The removal of the "Swisscom Root EV CA 2" root certificate is dependent on Bug #1359514 for removing EV treatment.
|
Reporter | |
Comment 1•8 years ago
|
||
H-P, Please confirm (by adding a comment in this bug) that the requested changes are correctly stated.
|
||
Comment 3•8 years ago
|
||
Confirm correctness of all 3 tasks, thanks.
|
|
Reporter | |
Comment 4•8 years ago
|
||
H-P,
Thanks for confirming that the data in this bug is correct.
Unless I learn of security concerns that make this request urgent, this change will happen as part of our regular root inclusion/update process.
Root inclusions/updates are usually grouped and done as a batch when there is either a large enough set of changes or about every 3 months.
At some point in the next 3 months a test build will be provided and this bug will be updated to indicate the change is in progress. Since you are cc'd on this bug, you will get notification via email when that happens.
|
|
Reporter | |
Comment 5•8 years ago
|
||
Patch and testing information is in Bug #1380941.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.32
|
|
||
Comment 6•8 years ago
|
||
Hi Kathleen
I just noted that the websites trust bit for Swisscom is still set in CCABD: https://ccadb.force.com/001o000000HshFs
What are the next steps required to remove the Mozilla websites trust bits?
Please let me know if there is something else I need to do.
Thanks & regards
H-P
|
|
Reporter | |
Comment 7•8 years ago
|
||
Thanks for the reminder. I have updated the CCADB to match the July batch of root changes (Bug #1380941).
|
|
||
Comment 8•8 years ago
|
||
Thanks for the update. Who can support me in changing the Microsoft Trust Bits?
|
|
Reporter | |
Comment 9•8 years ago
|
||
(In reply to H-P Waldegger from comment #8)
> Thanks for the update. Who can support me in changing the Microsoft Trust
> Bits?
Sent response via email.
You need to log in
before you can comment on or make changes to this bug.
Description
•