Please remove the following three StartCom root certificates from NSS. For each of these, certificates issued after October 2016 are not trusted. 1) CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL SHA-256 Fingerprint: C7:66:A9:BE:F2:D4:07:1C:86:3A:31:AA:49:20:E8:13:B2:D1:98:60:8C:B7:B7:CF:E2:11:43:B8:36:DF:09:EA 2) CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL SHA-256 Fingerprint: E1:78:90:EE:09:A3:FB:F4:F4:8B:9C:41:4A:17:D6:37:B7:A5:06:47:E9:BC:75:23:22:72:7F:CC:17:42:A9:11 3) CN=StartCom Certification Authority G2, OU=null, O=StartCom Ltd., C=IL SHA-256 Fingerprint: C7:BA:65:67:DE:93:A7:98:AE:1F:AA:79:1E:71:2D:37:8F:AE:1F:93:C4:39:7F:EA:44:1B:B7:CB:E6:FD:59:95 * All of these were enabled for EV treatment. Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1309707 https://wiki.mozilla.org/CA/Additional_Trust_Changes#StartCom https://groups.google.com/d/msg/mozilla.dev.security.policy/1bM5Q9MgPx4/L8lwL4KCAgAJ https://crt.sh/mozilla-certvalidations
Status: NEW → RESOLVED
Last Resolved: 6 months ago
Resolution: --- → FIXED
Whiteboard: Removed in NSS 3.34, Firefox 58
You need to log in before you can comment on or make changes to this bug.