Remove old StartCom root certificates

RESOLVED FIXED

Status

NSS
CA Certificates Code
RESOLVED FIXED
9 months ago
6 months ago

People

(Reporter: Kathleen Wilson, Unassigned)

Tracking

trunk
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: Removed in NSS 3.34, Firefox 58)

(Reporter)

Description

9 months ago
Please remove the following three StartCom root certificates from NSS. 
For each of these, certificates issued after October 2016 are not trusted.


1) CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
SHA-256 Fingerprint: C7:66:A9:BE:F2:D4:07:1C:86:3A:31:AA:49:20:E8:13:B2:D1:98:60:8C:B7:B7:CF:E2:11:43:B8:36:DF:09:EA

2) CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
SHA-256 Fingerprint: E1:78:90:EE:09:A3:FB:F4:F4:8B:9C:41:4A:17:D6:37:B7:A5:06:47:E9:BC:75:23:22:72:7F:CC:17:42:A9:11

3) CN=StartCom Certification Authority G2, OU=null, O=StartCom Ltd., C=IL
SHA-256 Fingerprint: C7:BA:65:67:DE:93:A7:98:AE:1F:AA:79:1E:71:2D:37:8F:AE:1F:93:C4:39:7F:EA:44:1B:B7:CB:E6:FD:59:95


* All of these were enabled for EV treatment.
 

Reference:
https://bugzilla.mozilla.org/show_bug.cgi?id=1309707
https://wiki.mozilla.org/CA/Additional_Trust_Changes#StartCom
https://groups.google.com/d/msg/mozilla.dev.security.policy/1bM5Q9MgPx4/L8lwL4KCAgAJ
https://crt.sh/mozilla-certvalidations
(Reporter)

Updated

9 months ago
Depends on: 1392852

Updated

8 months ago
Depends on: 1408080
(Reporter)

Updated

6 months ago
Status: NEW → RESOLVED
Last Resolved: 6 months ago
Resolution: --- → FIXED
Whiteboard: Removed in NSS 3.34, Firefox 58
You need to log in before you can comment on or make changes to this bug.