Disable/Remove some legacy Comodo root certificates

RESOLVED FIXED

Status

task
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: Rob.Stradling, Assigned: kwilson)

Tracking

trunk
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Reporter

Description

2 years ago
Please disable the Websites and Code Signing trust bits for the following 1 root:

  Subject Name:
    CN = AddTrust Class 1 CA Root
    OU = AddTrust TTP Network
    O = AddTrust AB
    C = SE
  SHA-256 fingerprint:
    8C7209279AC04E275E16D07FD3B775E80154B5968046E31F52DD25766324E9A7
  Reason: Legacy, no longer in use.  However, please leave the Email trust bit enabled so that existing S/MIME signatures can still be validated.
  See also: https://crt.sh/?id=1726036


Please disable all trust bits and remove the following 5 roots:

  Subject Name:
    CN = AddTrust Public CA Root
    OU = AddTrust TTP Network
    O = AddTrust AB
    C = SE
  SHA-256 fingerprint:
    0791CA0749B20782AAD3C7D7BD0CDFC9485835843EB2D7996009CE43AB6C6927
  Reason: Legacy, no longer in use.
  See also: https://crt.sh/?id=1733294

  Subject Name:
    CN = AddTrust Qualified CA Root
    OU = AddTrust TTP Network
    O = AddTrust AB
    C = SE
  SHA-256 fingerprint:
    8095210805DB4BBC355E4428D8FD6EC2CDE3AB5FB97A9942988EB8F4DCD06016
  Reason: Legacy, no longer in use.
  See also: https://crt.sh/?id=1721082

  Subject Name:
    CN = Secure Certificate Services
    O = Comodo CA Limited
    L = Salford
    ST = Greater Manchester
    C = GB
  SHA-256 fingerprint:
    BD81CE3B4F6591D11A67B5FC7A47FDEF25521BF9AA4E18B9E3DF2E34A7803BE8
  Reason: Legacy, no longer in use.
  See also: https://crt.sh/?id=1726666

  Subject Name:
    CN = Trusted Certificate Services
    O = Comodo CA Limited
    L = Salford
    ST = Greater Manchester
    C = GB
  SHA-256 fingerprint:
    3F06E55681D496F5BE169EB5389F9F2B8FF61E1708DF6881724849CD5D27CB69
  Reason: Legacy, no longer in use.
  See also: https://crt.sh/?id=1728427

  Subject Name:
    CN = UTN-USERFirst-Hardware
    OU = http://www.usertrust.com
    O = The USERTRUST Network
    L = Salt Lake City
    ST = UT
    C = US
  SHA-256 fingerprint:
    6EA54741D004667EED1B4816634AA3A79E6E4B96950F8279DAFC8D9BD8812137
  Reason: Legacy, no longer in use.
  See also: https://crt.sh/?id=34


Please also disable EV treatment for UTN-USERFirst-Hardware.
Reporter

Updated

2 years ago
See Also: → 1366403
Assignee

Updated

2 years ago
Depends on: 1366403, 1380821
Assignee

Updated

2 years ago
Status: NEW → ASSIGNED
Assignee

Comment 1

2 years ago
These changes were completed via Bug #1366403 and Bug #1380821 in NSS 3.32, Firefox 56.
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.