Closed
Bug 1366403
Opened 7 years ago
Closed 7 years ago
Remove Legacy Comodo root certificates per CA Request
Categories
(NSS :: CA Certificates Code, task)
NSS
CA Certificates Code
Tracking
(Not tracked)
RESOLVED
FIXED
3.32
People
(Reporter: kathleen.a.wilson, Unassigned)
References
Details
Please remove the following root certificate from NSS. Common Name: UTN-USERFirst-Object SHA-1 Fingerprint: E1:2D:FB:4B:41:D7:D9:C3:2B:30:51:4B:AC:1D:81:D8:38:5E:2D:46 SHA-256 Fingerprint: 6F:FF:78:E4:00:A7:0C:11:01:1C:D8:59:77:C4:59:FB:5A:F9:6A:3D:F0:54:08:20:D0:F4:B8:60:78:75:E5:8F * This root cert is not enabled for EV treatment. Reason for removal: Mozilla no longer supports the Code Signing trust bit. https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg02409.html
Reporter | ||
Comment 1•7 years ago
|
||
As requested by the CA (Bug #1378334), please also make the following changes to NSS. == Turn off Websites and Code Signing trust bits == Common Name: AddTrust Class 1 CA Root SHA-1 Fingerprint: CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D SHA-256 Fingerprint: 8C:72:09:27:9A:C0:4E:27:5E:16:D0:7F:D3:B7:75:E8:01:54:B5:96:80:46:E3:1F:52:DD:25:76:63:24:E9:A7 CA requested to keep the Email trust bit enabled so that existing S/MIME signatures can still be validated. == Remove Root Certs from NSS == Common Name: AddTrust Public CA Root SHA-1 Fingerprint: 2A:B6:28:48:5E:78:FB:F3:AD:9E:79:10:DD:6B:DF:99:72:2C:96:E5 SHA-256 Fingerprint: 07:91:CA:07:49:B2:07:82:AA:D3:C7:D7:BD:0C:DF:C9:48:58:35:84:3E:B2:D7:99:60:09:CE:43:AB:6C:69:27 * Not EV Common Name: AddTrust Qualified CA Root SHA-1 Fingerprint: 4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF SHA-256 Fingerprint: 80:95:21:08:05:DB:4B:BC:35:5E:44:28:D8:FD:6E:C2:CD:E3:AB:5F:B9:7A:99:42:98:8E:B8:F4:DC:D0:60:16 * Not EV Common Name: Secure Certificate Services SHA-1 Fingerprint: 4A:65:D5:F4:1D:EF:39:B8:B8:90:4A:4A:D3:64:81:33:CF:C7:A1:D1 SHA-256 Fingerprint: BD:81:CE:3B:4F:65:91:D1:1A:67:B5:FC:7A:47:FD:EF:25:52:1B:F9:AA:4E:18:B9:E3:DF:2E:34:A7:80:3B:E8 * Not EV Common Name: Trusted Certificate Services SHA-1 Fingerprint: E1:9F:E3:0E:8B:84:60:9E:80:9B:17:0D:72:A8:C5:BA:6E:14:09:BD SHA-256 Fingerprint: 3F:06:E5:56:81:D4:96:F5:BE:16:9E:B5:38:9F:9F:2B:8F:F6:1E:17:08:DF:68:81:72:48:49:CD:5D:27:CB:69 * Not EV Common Name: UTN-USERFirst-Hardware SHA-1 Fingerprint: 04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7 SHA-256 Fingerprint: 6E:A5:47:41:D0:04:66:7E:ED:1B:48:16:63:4A:A3:A7:9E:6E:4B:96:95:0F:82:79:DA:FC:8D:9B:D8:81:21:37 * EV ENABLED
Reporter | ||
Updated•7 years ago
|
Summary: Remove UTN-USERFirst-Object root certificate → Remove Legacy Comodo root certificates per CA Request
Reporter | ||
Comment 2•7 years ago
|
||
Patch and testing information is in Bug #1380941.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.32
You need to log in
before you can comment on or make changes to this bug.
Description
•