Closed Bug 1359515 Opened 5 years ago Closed 4 years ago

Change trust bits for Swisscom Root CA 2 root cert, and remove two other Swisscom root certs


(NSS :: CA Certificates Code, task)

Not set


(Not tracked)



(Reporter: kwilson, Unassigned)



Please make the following changes in NSS.

1) Turn off the Websites and Code trust bits for the "Swisscom Root CA 2" root certificate
Issuer Common Name: Swisscom Root CA 2
SHA-1 Fingerprint: 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC
SHA-256 Fingerprint: F0:9B:12:2C:71:14:F4:A0:9B:D4:EA:4F:4A:99:D5:58:B4:6E:4C:25:CD:81:14:0D:29:C0:56:13:91:4C:38:41

2) Remove the "Swisscom Root CA 1" root certificate
Issuer Common Name: Swisscom Root CA 1
Digital Certificate Services
SHA-1 Fingerprint: 5F:3A:FC:0A:8B:64:F6:86:67:34:74:DF:7E:A9:A2:FE:F9:FA:7A:51
SHA-256 Fingerprint: 21:DB:20:12:36:60:BB:2E:D4:18:20:5D:A1:1E:E7:A8:5A:65:E2:BC:6E:55:B5:AF:7E:78:99:C8:A2:66:D9:2E

3) Remove the "Swisscom Root EV CA 2" root certificate
Issuer Common Name: Swisscom Root EV CA 2
SHA-1 Fingerprint: E7:A1:90:29:D3:D5:52:DC:0D:0F:C6:92:D3:EA:88:0D:15:2E:1A:6B
SHA-256 Fingerprint: D9:5F:EA:3C:A4:EE:DC:E7:4C:D7:6E:75:FC:6D:1F:F6:2C:44:1F:0F:A8:BC:77:F0:34:B1:9E:5D:B2:58:01:5D

The removal of the "Swisscom Root EV CA 2" root certificate is dependent on Bug #1359514 for removing EV treatment.
H-P, Please confirm (by adding a comment in this bug) that the requested changes are correctly stated.
Duplicate of this bug: 1359064
Confirm correctness of all 3 tasks, thanks.

Thanks for confirming that the data in this bug is correct.

Unless I learn of security concerns that make this request urgent, this change will happen as part of our regular root inclusion/update process. 

Root inclusions/updates are usually grouped and done as a batch when there is either a large enough set of changes or about every 3 months.

At some point in the next 3 months a test build will be provided and this bug will be updated to indicate the change is in progress. Since you are cc'd on this bug, you will get notification via email when that happens.
Depends on: 1380941
Patch and testing information is in Bug #1380941.
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.32
Hi Kathleen

I just noted that the websites trust bit for Swisscom is still set in CCABD:

What are the next steps required to remove the Mozilla websites trust bits?

Please let me know if there is something else I need to do.

Thanks & regards
Thanks for the reminder. I have updated the CCADB to match the July batch of root changes (Bug #1380941).
Thanks for the update. Who can support me in changing the Microsoft Trust Bits?
(In reply to H-P Waldegger from comment #8)
> Thanks for the update. Who can support me in changing the Microsoft Trust
> Bits?

Sent response via email.
You need to log in before you can comment on or make changes to this bug.