Closed Bug 1450805 Opened 2 years ago Closed 2 years ago

Add Consorci AOC "old" hierarchy to OneCRL

Categories

(NSS :: CA Certificate Root Program, task)

task
Not set

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: fferre, Assigned: kwilson)

References

Details

(Whiteboard: [ca-onecrl])

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Dear Kathleen, 

Please add the following intermediate certificate to OneCRL. This request is related to "https://bugzilla.mozilla.org/show_bug.cgi?id=1398246". The following intermediate certs are not intended to issue TLS certs so they can be added to OneCRL, even though they are not revoked.


1) EC-AL: https://crt.sh/?caID=358

sha1 version (https://ccadb.force.com/001o000000o2emzAAA)
Issuer commonName = EC-ACC
Certificate Serial Number: 3d97d3930439622a3e1c4da6bed1730e
Subject commonName = EC-AL
SHA-256 Fingerprint	
59:2C:50:8E:39:D7:66:5F:84:45:86:C3:B9:E7:65:AF:D5:D8:0B:BE:05:F9:28:9C:B0:DE:D5:71:1A:C9:C1:0A

sha2 version (https://ccadb.force.com/001o000000xPehcAAC)
Issuer commonName = EC-ACC
Certificate Serial Number: 5bdf59d94b95e6914fe95f00608c1c55
Subject commonName = EC-AL
SHA-256 Fingerprint	
74:86:39:EE:75:62:3D:6E:15:C4:8B:7C:31:7C:B5:16:51:3B:DD:11:43:A8:F5:E9:0F:F1:A6:65:A3:31:46:76


2) EC-SAFP: https://crt.sh/?caID=6535

sha1 version (https://ccadb.force.com/001o000000o2enZAAQ)
Issuer commonName = EC-GENCAT
Certificate Serial Number: 6fef2f14f44fccdf3e1c2116988c1536
Subject commonName = EC-SAFP
SHA-256 Fingerprint	
20:7C:EC:E0:38:B9:82:6A:12:0A:91:9D:4B:41:BC:A8:F3:7F:2E:99:46:21:BF:5A:99:3A:04:08:7D:55:6D:C6

sha2 version (https://ccadb.force.com/001o000000xPefMAAS)
Issuer commonName = EC-GENCAT
Certificate Serial Number: 3a7d1b02cb5ca3164fe961117b5e741b
Subject commonName = EC-SAFP
SHA-256 Fingerprint	
B9:5D:48:3F:73:17:70:34:DC:E1:C5:1F:FE:1C:B9:97:2C:AF:FE:4F:A1:E1:AD:74:12:D0:3D:6B:A5:B0:47:51


3) EC-GENCAT: 

sha1 version (https://ccadb.force.com/001o000000o2em4AAA)
Issuer commonName = EC-ACC
Certificate Serial Number: 20bd3de069043d253e1c0b9c8252f422
Subject commonName = EC-GENCAT
SHA-256 Fingerprint	
60:63:6B:E2:F2:94:EC:07:8F:4C:72:69:64:B4:DD:50:2B:1C:82:E0:99:CF:77:56:31:E8:83:FE:EE:45:F9:51

sha2 version (https://ccadb.force.com/001o000000xPef2AAC)
Issuer commonName = EC-ACC
Certificate Serial Number: 22a5b880ee3a4bcd4f8d3a47040ee651
Subject commonName = EC-GENCAT
SHA-256 Fingerprint	
AF:CA:33:DA:C5:44:38:9E:3D:23:0D:B1:2A:D8:BA:3E:E7:C1:A9:E4:CC:F0:CA:FF:D7:E1:6C:2A:2F:35:CE:E5



4) EC-PARLAMENT: https://ccadb.force.com/001o000000xPei6AAC

sha1 version (https://ccadb.force.com/001o000000o2elfAAA)
Issuer commonName = EC-ACC
Certificate Serial Number: 258e737600ff986f40e2807fbb3752c1
Subject commonName = EC-PARLAMENT
SHA-256 Fingerprint	
44:C5:0A:C8:0E:DB:E9:E5:52:E3:C9:6C:E5:BD:11:C8:37:C7:0F:56:A3:3A:CA:BC:F1:8D:8D:7A:9B:35:0E:07

sha2 version (https://ccadb.force.com/001o000000xPei6AAC)
Issuer commonName = EC-ACC
Certificate Serial Number: 75f13608d032f48c4fe95c19d8853670
Subject commonName = EC-PARLAMENT
SHA-256 Fingerprint	
4A:40:D4:BE:7F:B0:B0:5F:9B:DC:A6:0B:CE:38:3F:B5:92:C4:92:06:DB:C5:C7:84:F8:19:CD:74:F2:A0:7B:E3


5) EC-UR: https://crt.sh/?caID=78

sha1 version (https://ccadb.force.com/001o000000o2en9AAA)
Issuer commonName = EC-ACC
Certificate Serial Number: 06a55f3cb28195283fe049e7f9319d6c
Subject commonName = EC-UR
SHA-256 Fingerprint	
87:00:D0:47:E5:07:11:16:F6:75:51:A4:39:39:98:D6:29:E6:6F:02:C7:B5:2E:61:8E:F4:F9:49:6E:73:47:56

sha2 version (https://ccadb.force.com/001o000000xPesWAAS)
Issuer commonName = EC-ACC
Certificate Serial Number: 3f4a9453b461ce734fe95f621986d26c
Subject commonName = EC-UR
SHA-256 Fingerprint	
70:99:A6:61:17:82:5F:DA:BA:E4:8C:B1:9A:FE:31:37:D8:13:A0:B6:73:FD:59:1D:22:9E:26:19:63:D3:D6:1B


6) EC-URV: https://crt.sh/?caID=610

sha1 version (https://ccadb.force.com/001o000000o2enPAAQ)
Issuer commonName = EC-UR
Certificate Serial Number: 6374000aed91198549e850272566691c
Subject commonName = EC-URV
SHA-256 Fingerprint	
A4:65:2E:D2:43:DA:CC:3F:EE:E1:F0:ED:7C:91:BD:B1:9A:9B:C2:25:E7:2A:5C:97:FD:A4:F1:F0:01:25:BA:A3

sha2 version (https://ccadb.force.com/001o000000xPet5AAC)
Issuer commonName = EC-UR
Certificate Serial Number: 2523c2f2100ab1404fe98de7f49331f3
Subject commonName = EC-URV
SHA-256 Fingerprint	
8A:AC:53:FB:FC:86:11:37:EC:A7:D5:06:1B:81:03:1F:8E:F3:AA:00:7D:4F:D3:44:83:4E:A8:59:38:6F:B2:3D


7) EC-IDCAT: https://crt.sh/?caID=6535

sha1 version (https://ccadb.force.com/001o000000o2enEAAQ)
Issuer commonName = EC-ACC
Certificate Serial Number: 704040d0fdca3c193fa23c2761ea70ce
Subject commonName = EC-IDCAT
SHA-256 Fingerprint
95:4B:88:92:23:49:8A:ED:51:AA:7A:29:B6:2E:ED:24:BE:03:CD:48:1D:18:2E:03:EB:83:BA:E8:DD:7B:D7:1B
	
sha2 version (https://ccadb.force.com/001o000000xPeqGAAS)
Issuer commonName = EC-ACC
Certificate Serial Number: 2f9b4e5635462ad14fe95f38b461053e
Subject commonName = EC-IDCAT
SHA-256 Fingerprint	
11:78:69:A7:6A:D9:AD:92:A5:15:F8:58:90:43:72:74:63:43:94:50:2C:B4:E2:26:66:5F:CF:1F:B7:5A:45:75

Thank you very much,
Request to add ec-ciutadania also:

8) EC-CIUTADANIA: https://crt.sh/?caid=13344

sha1 version (https://ccadb.force.com/0011J00001DaEliQAF - https://crt.sh/?id=326364846)
Issuer commonName = EC-ACC
Certificate Serial Number: 541cb42fc7882a75541a963dece5eb93
Subject commonName = EC-CIUTADANIA
SHA-256 Fingerprint
DB:6C:BB:87:33:BE:B4:93:AF:39:C7:02:A9:DD:06:74:31:4E:2E:D3:26:0C:D5:25:0A:49:14:80:75:7D:8E:A2
	
sha2 version (https://ccadb.force.com/001o000000o2eneAAA - https://crt.sh/?id=12721534)
Issuer commonName = EC-ACC
Certificate Serial Number: 73eeae15e3dfada8541a95ecf258624f
Subject commonName = EC-CIUTADANIA
SHA-256 Fingerprint	
0F:D9:9A:AE:1F:FC:D5:D9:F0:AD:76:ED:DD:CB:EF:6B:88:4C:C8:5C:16:BF:CF:A4:B5:24:61:55:D6:59:7E:D6
Francesc: can confirm that it is not possible to revoke any of these intermediates? We can ad them to OneCRL when they are not revoked, but prefer them to be revoked.
Flags: needinfo?(fferre)
(In reply to Wayne Thayer [:wayne] from comment #3)
> Francesc: can confirm that it is not possible to revoke any of these
> intermediates? We can ad them to OneCRL when they are not revoked, but
> prefer them to be revoked.

All the intermediates listed here have valid unrevoked and not expired e-signature and e-seal certificates (not SSL certs in any case). So I can confirm they cannot be revoked yet. Please tell us when they are added to One CRL. 

Thank you very much,
I have indicated that these are "Ready to Add" to OneCRL in the CCADB.

Reference:
https://ccadb-public.secure.force.com/mozilla/PublicInterCertsReadyToAddToOneCRL
Flags: needinfo?(fferre)
Whiteboard: [ca-onecrl]
Depends on: 1458321
I confirm that these have been added to OneCRL.
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.