Closed
Bug 1400600
Opened 8 years ago
Closed 8 years ago
Add Baltimore Cybertrust Cross Certificates issued to Siemens Internet CA V1.0 to OneCRL
Categories
(CA Program :: CA Certificate Root Program, task)
CA Program
CA Certificate Root Program
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: benwilsonusa, Assigned: mgoodwin)
References
Details
(Whiteboard: [ca-onecrl])
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Build ID: 20170824053622
|
Reporter | |
Comment 1•8 years ago
|
||
The following three cross certificates issued by the Baltimore Cybertrust Root to the Siemens Internet CA V1.0 have not yet been revoked but should be added to OneCRL:
Serial Nos. 0727564b, 0cbd05000cea79a745bd6bec97dc5a88, 09c68f5ae66d71d9de4a77ab6091f7dc
Serial No. 0727564b
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIEBydWSzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTExMDcxNDE2MTE0MVoX
DTIzMDcxNDE2MTExN1owgZExCzAJBgNVBAYTAkRFMRAwDgYDVQQKDAdTaWVtZW5z
MREwDwYDVQQFEwhaWlpaWlpWMDE6MDgGA1UECwwxQ29weXJpZ2h0IChDKSBTaWVt
ZW5zIEFHIDIwMTEgQWxsIFJpZ2h0cyBSZXNlcnZlZDEhMB8GA1UEAwwYU2llbWVu
cyBJbnRlcm5ldCBDQSBWMS4wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtOKu51fv/rScjbH0r0Uol/O96u8qGrtBQ+thN0A0ryzwsgcU4QAp8nPYt6cR
SI+29ysibk4xevVNfWCKOTquYntPOSXmyhXaPOKgJ588zr+1F1//yODojIn+yDIR
DR9mix/Znwa1K6ECXismikPP4GtqHv7Pj9T6QVonMHfntCFB6fO8NN0akVJBZoS9
ejtueypkKrYTAtzrA7R102kcp30UDPtrwtDXCFIvjfVmJmp30e2QX2kVhIYx7PtX
+qLCVPOMujT3wJQ8tnLCTnRAv6MIgz7Ufp7AFF0TdUvVlHQ0w6XqQJMgvlY4libF
BZgW4hZ146STgsD+uRO1YODa8QIDAQABo4IBdTCCAXEwEgYDVR0TAQH/BAgwBgEB
/wIBATBbBgNVHSAEVDBSMEgGCSsGAQQBsT4BADA7MDkGCCsGAQUFBwIBFi1odHRw
Oi8vY3liZXJ0cnVzdC5vbW5pcm9vdC5jb20vcmVwb3NpdG9yeS5jZm0wBgYEVR0g
ADAOBgNVHQ8BAf8EBAMCAQYwgYUGA1UdIwR+MHyAFOWdWTCCR1jMrPoIVDaGezq1
BE3woV6kXDBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYD
VQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBS
b290ggQCAAC5MEcGA1UdHwRAMD4wPKA6oDiGNmh0dHA6Ly93d3cucHVibGljLXRy
dXN0LmNvbS9jZ2ktYmluL0NSTC8yMDI1MDEvY2RwLmNybDAdBgNVHQ4EFgQUEapO
nApNThdWG5RXOAHytzWkSWUwDQYJKoZIhvcNAQEFBQADggEBAAdvcLAkY0C51Hm6
hqgFctsCDXNy+CW0cuIwe2SV4apynjcMU7RB30cnOX7JGiL//o5VlpdGYeSIiI42
N3tZJQ6JURagL5mcBcCMAwSIE8cBa9RiSVW4KfMmun5ldN6q1FXJ28OnxxsJkZLZ
h2Y1J1R9WGxJbYRDJvrRH0icJKJmlD+k4h/EeyC75K2x2xQO5XIKJHUWH/+ChgpV
TcawNX3uH9XrPvaSRr+Troj6+iyE5nWXPolmnlyUrg1rJsMvY8iBtMUUxst10Y/V
nhIcGv8FWoPpaRJVVOgGRmwA7k4TsP3Yv4cQuANX0fQtCRrNq3BKMkUaznsHx90C
6sbFZEM=
-----END CERTIFICATE-----
Serial No. 0cbd05000cea79a745bd6bec97dc5a88
-----BEGIN CERTIFICATE-----
MIIEkTCCA3mgAwIBAgIQDL0FAAzqeadFvWvsl9xaiDANBgkqhkiG9w0BAQsFADBa
MQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl
clRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2
MDMwMTEyNDMzOFoXDTIxMDMwMTEyNDMzOFowgZExCzAJBgNVBAYTAkRFMRAwDgYD
VQQKDAdTaWVtZW5zMREwDwYDVQQFEwhaWlpaWlpWMDE6MDgGA1UECwwxQ29weXJp
Z2h0IChDKSBTaWVtZW5zIEFHIDIwMTEgQWxsIFJpZ2h0cyBSZXNlcnZlZDEhMB8G
A1UEAwwYU2llbWVucyBJbnRlcm5ldCBDQSBWMS4wMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAtOKu51fv/rScjbH0r0Uol/O96u8qGrtBQ+thN0A0ryzw
sgcU4QAp8nPYt6cRSI+29ysibk4xevVNfWCKOTquYntPOSXmyhXaPOKgJ588zr+1
F1//yODojIn+yDIRDR9mix/Znwa1K6ECXismikPP4GtqHv7Pj9T6QVonMHfntCFB
6fO8NN0akVJBZoS9ejtueypkKrYTAtzrA7R102kcp30UDPtrwtDXCFIvjfVmJmp3
0e2QX2kVhIYx7PtX+qLCVPOMujT3wJQ8tnLCTnRAv6MIgz7Ufp7AFF0TdUvVlHQ0
w6XqQJMgvlY4libFBZgW4hZ146STgsD+uRO1YODa8QIDAQABo4IBGTCCARUwHQYD
VR0OBBYEFBGqTpwKTU4XVhuUVzgB8rc1pEllMB8GA1UdIwQYMBaAFOWdWTCCR1jM
rPoIVDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGG
MDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNl
cnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNv
bS9PbW5pcm9vdDIwMjUuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUF
BwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEBCwUA
A4IBAQA2D2N0Cnpk+cXutX6rfjebXl9C/rmOpxjHBEOJcUf4In/wZ8KO2ZaHlKdO
l6Hr8Ui4pZe6N/6lItx3aPhTBEd8buo+ApGtwDJIwB5ExsfDmCq9w7xo6ICb/TRP
Z867M411fhkh0pPqecVLSeqx5To0HM1Pixl7q8BmL4kyN4Oz0J/Uuy/UGuFCL7BF
nIkzUPL8oMdlwnUrWMPeHSOqgVinx3DEc4ysZBQ8lSYcAQj2xGLH+8Bict24VGV3
RsdJ2yCtXbg2H6Vj4R2Gtm4GdyK/kFgjd1aLYSxWD82G9IJPv4EvZsQyOtJqfhPn
Wp3ujLiX4hL9XpsnfGjDqzoU4y1K
-----END CERTIFICATE-----
Serial No. 09c68f5ae66d71d9de4a77ab6091f7dc
-----BEGIN CERTIFICATE-----
MIIEkTCCA3mgAwIBAgIQCcaPWuZtcdneSnerYJH33DANBgkqhkiG9w0BAQsFADBa
MQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl
clRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE1
MTExMTEyMDAwMFoXDTIwMDIxMTEyMDAwMFowgZExCzAJBgNVBAYTAkRFMRAwDgYD
VQQKEwdTaWVtZW5zMREwDwYDVQQFEwhaWlpaWlpWMDE6MDgGA1UECxMxQ29weXJp
Z2h0IChDKSBTaWVtZW5zIEFHIDIwMTEgQWxsIFJpZ2h0cyBSZXNlcnZlZDEhMB8G
A1UEAxMYU2llbWVucyBJbnRlcm5ldCBDQSBWMS4wMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAtOKu51fv/rScjbH0r0Uol/O96u8qGrtBQ+thN0A0ryzw
sgcU4QAp8nPYt6cRSI+29ysibk4xevVNfWCKOTquYntPOSXmyhXaPOKgJ588zr+1
F1//yODojIn+yDIRDR9mix/Znwa1K6ECXismikPP4GtqHv7Pj9T6QVonMHfntCFB
6fO8NN0akVJBZoS9ejtueypkKrYTAtzrA7R102kcp30UDPtrwtDXCFIvjfVmJmp3
0e2QX2kVhIYx7PtX+qLCVPOMujT3wJQ8tnLCTnRAv6MIgz7Ufp7AFF0TdUvVlHQ0
w6XqQJMgvlY4libFBZgW4hZ146STgsD+uRO1YODa8QIDAQABo4IBGTCCARUwEgYD
VR0TAQH/BAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEEKDAm
MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMw
MTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5j
cmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3
LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFBGqTpwKTU4XVhuUVzgB8rc1pEll
MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMA0GCSqGSIb3DQEBCwUA
A4IBAQAo3YXV7WJRe/X7Y9IQB9ZnU6VMLl3x3thNy94W4lPGuo0n7PxcYPPpyAJ5
vh4lKs9+4yhVdVQxeBHRQd1y1eof0P+d+OXV6n6rb99ZI4SqVXbkoXVrIvwg3ov3
2+ElrQplUkkUTLnrtNmBG8EDUMvBDvjZ2DHAoM/JUXIj5R67979wndiYQeeooR9w
whOQqoi8JcCAsEWxGH2lYTSf7anj0YvEj6NP2VWfyDoQF/HeXGeq5mFmsHSYSAzo
xzC+FRtLSJkQNHEqR3vBY+ukH4eGLMelkWczCob/NUZdIXM8p5FI4deV3ZETYO8V
jKUjE2khzhlPlFErwWu9NKHYlfBT
-----END CERTIFICATE-----
|
|
Reporter | |
Updated•8 years ago
|
Summary: Add Baltimore Cybertrust Cross Certificate Serial No. 0727564b (Siemens) to OneCRL → Add Baltimore Cybertrust Cross Certificates issued to Siemens Internet CA V1.0 to OneCRL
|
||
Comment 2•8 years ago
|
||
I confirm that the three certs listed above should be added to OneCRL, as per Bug #1397954.
Mark, please add these in our next batch of updates to OneCRL.
|
|
Reporter | |
Comment 3•8 years ago
|
||
Siemens has responded stating that while checking this bug they discovered that it is not acceptable to them to add the certificate with the serial number 0cbd05000cea79a745bd6bec97dc5a88 to the oneCRL since the private key to the corresponding certificate is used to sign issuing CAs that issue email encryption and code signing certificates which are not yet expired and are all issued in compliance to all requirements. They have asked that I inform Mozilla immediately not to add the certificate with the serial number 0cbd05000cea79a745bd6bec97dc5a88 to oneCRL, as this would affect over 175.000 employees in external communication and 50 code signing certificates, but that it would be acceptable to add certificates for SSL/TLS Intermediate CAs (“Issuing CA Class Internet”) to the oneCRL.
|
||
Comment 4•8 years ago
|
||
As of bug 1312827 OneCRL only applies to web server certificates.
|
||
Comment 5•8 years ago
|
||
Yeah - OneCRL is only for server certs so adding the intermediate won't impact their current use. There's no reason to remove them.
|
|
||
Comment 6•8 years ago
|
||
Just to be clear, we will proceed with adding these 3 certs to OneCRL.
|
|
||
Comment 7•8 years ago
|
||
I confirm that these 3 certs have been added to OneCRL.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
|
||
Updated•3 years ago
|
Product: NSS → CA Program
You need to log in
before you can comment on or make changes to this bug.
Description
•