Closed
Bug 1450805
Opened 6 years ago
Closed 6 years ago
Add Consorci AOC "old" hierarchy to OneCRL
Categories
(CA Program :: CA Certificate Root Program, task)
CA Program
CA Certificate Root Program
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: fferre, Assigned: kathleen.a.wilson)
References
Details
(Whiteboard: [ca-onecrl])
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
|
Reporter | |
Comment 1•6 years ago
|
||
Dear Kathleen, Please add the following intermediate certificate to OneCRL. This request is related to "https://bugzilla.mozilla.org/show_bug.cgi?id=1398246". The following intermediate certs are not intended to issue TLS certs so they can be added to OneCRL, even though they are not revoked. 1) EC-AL: https://crt.sh/?caID=358 sha1 version (https://ccadb.force.com/001o000000o2emzAAA) Issuer commonName = EC-ACC Certificate Serial Number: 3d97d3930439622a3e1c4da6bed1730e Subject commonName = EC-AL SHA-256 Fingerprint 59:2C:50:8E:39:D7:66:5F:84:45:86:C3:B9:E7:65:AF:D5:D8:0B:BE:05:F9:28:9C:B0:DE:D5:71:1A:C9:C1:0A sha2 version (https://ccadb.force.com/001o000000xPehcAAC) Issuer commonName = EC-ACC Certificate Serial Number: 5bdf59d94b95e6914fe95f00608c1c55 Subject commonName = EC-AL SHA-256 Fingerprint 74:86:39:EE:75:62:3D:6E:15:C4:8B:7C:31:7C:B5:16:51:3B:DD:11:43:A8:F5:E9:0F:F1:A6:65:A3:31:46:76 2) EC-SAFP: https://crt.sh/?caID=6535 sha1 version (https://ccadb.force.com/001o000000o2enZAAQ) Issuer commonName = EC-GENCAT Certificate Serial Number: 6fef2f14f44fccdf3e1c2116988c1536 Subject commonName = EC-SAFP SHA-256 Fingerprint 20:7C:EC:E0:38:B9:82:6A:12:0A:91:9D:4B:41:BC:A8:F3:7F:2E:99:46:21:BF:5A:99:3A:04:08:7D:55:6D:C6 sha2 version (https://ccadb.force.com/001o000000xPefMAAS) Issuer commonName = EC-GENCAT Certificate Serial Number: 3a7d1b02cb5ca3164fe961117b5e741b Subject commonName = EC-SAFP SHA-256 Fingerprint B9:5D:48:3F:73:17:70:34:DC:E1:C5:1F:FE:1C:B9:97:2C:AF:FE:4F:A1:E1:AD:74:12:D0:3D:6B:A5:B0:47:51 3) EC-GENCAT: sha1 version (https://ccadb.force.com/001o000000o2em4AAA) Issuer commonName = EC-ACC Certificate Serial Number: 20bd3de069043d253e1c0b9c8252f422 Subject commonName = EC-GENCAT SHA-256 Fingerprint 60:63:6B:E2:F2:94:EC:07:8F:4C:72:69:64:B4:DD:50:2B:1C:82:E0:99:CF:77:56:31:E8:83:FE:EE:45:F9:51 sha2 version (https://ccadb.force.com/001o000000xPef2AAC) Issuer commonName = EC-ACC Certificate Serial Number: 22a5b880ee3a4bcd4f8d3a47040ee651 Subject commonName = EC-GENCAT SHA-256 Fingerprint AF:CA:33:DA:C5:44:38:9E:3D:23:0D:B1:2A:D8:BA:3E:E7:C1:A9:E4:CC:F0:CA:FF:D7:E1:6C:2A:2F:35:CE:E5 4) EC-PARLAMENT: https://ccadb.force.com/001o000000xPei6AAC sha1 version (https://ccadb.force.com/001o000000o2elfAAA) Issuer commonName = EC-ACC Certificate Serial Number: 258e737600ff986f40e2807fbb3752c1 Subject commonName = EC-PARLAMENT SHA-256 Fingerprint 44:C5:0A:C8:0E:DB:E9:E5:52:E3:C9:6C:E5:BD:11:C8:37:C7:0F:56:A3:3A:CA:BC:F1:8D:8D:7A:9B:35:0E:07 sha2 version (https://ccadb.force.com/001o000000xPei6AAC) Issuer commonName = EC-ACC Certificate Serial Number: 75f13608d032f48c4fe95c19d8853670 Subject commonName = EC-PARLAMENT SHA-256 Fingerprint 4A:40:D4:BE:7F:B0:B0:5F:9B:DC:A6:0B:CE:38:3F:B5:92:C4:92:06:DB:C5:C7:84:F8:19:CD:74:F2:A0:7B:E3 5) EC-UR: https://crt.sh/?caID=78 sha1 version (https://ccadb.force.com/001o000000o2en9AAA) Issuer commonName = EC-ACC Certificate Serial Number: 06a55f3cb28195283fe049e7f9319d6c Subject commonName = EC-UR SHA-256 Fingerprint 87:00:D0:47:E5:07:11:16:F6:75:51:A4:39:39:98:D6:29:E6:6F:02:C7:B5:2E:61:8E:F4:F9:49:6E:73:47:56 sha2 version (https://ccadb.force.com/001o000000xPesWAAS) Issuer commonName = EC-ACC Certificate Serial Number: 3f4a9453b461ce734fe95f621986d26c Subject commonName = EC-UR SHA-256 Fingerprint 70:99:A6:61:17:82:5F:DA:BA:E4:8C:B1:9A:FE:31:37:D8:13:A0:B6:73:FD:59:1D:22:9E:26:19:63:D3:D6:1B 6) EC-URV: https://crt.sh/?caID=610 sha1 version (https://ccadb.force.com/001o000000o2enPAAQ) Issuer commonName = EC-UR Certificate Serial Number: 6374000aed91198549e850272566691c Subject commonName = EC-URV SHA-256 Fingerprint A4:65:2E:D2:43:DA:CC:3F:EE:E1:F0:ED:7C:91:BD:B1:9A:9B:C2:25:E7:2A:5C:97:FD:A4:F1:F0:01:25:BA:A3 sha2 version (https://ccadb.force.com/001o000000xPet5AAC) Issuer commonName = EC-UR Certificate Serial Number: 2523c2f2100ab1404fe98de7f49331f3 Subject commonName = EC-URV SHA-256 Fingerprint 8A:AC:53:FB:FC:86:11:37:EC:A7:D5:06:1B:81:03:1F:8E:F3:AA:00:7D:4F:D3:44:83:4E:A8:59:38:6F:B2:3D 7) EC-IDCAT: https://crt.sh/?caID=6535 sha1 version (https://ccadb.force.com/001o000000o2enEAAQ) Issuer commonName = EC-ACC Certificate Serial Number: 704040d0fdca3c193fa23c2761ea70ce Subject commonName = EC-IDCAT SHA-256 Fingerprint 95:4B:88:92:23:49:8A:ED:51:AA:7A:29:B6:2E:ED:24:BE:03:CD:48:1D:18:2E:03:EB:83:BA:E8:DD:7B:D7:1B sha2 version (https://ccadb.force.com/001o000000xPeqGAAS) Issuer commonName = EC-ACC Certificate Serial Number: 2f9b4e5635462ad14fe95f38b461053e Subject commonName = EC-IDCAT SHA-256 Fingerprint 11:78:69:A7:6A:D9:AD:92:A5:15:F8:58:90:43:72:74:63:43:94:50:2C:B4:E2:26:66:5F:CF:1F:B7:5A:45:75 Thank you very much,
|
|
Reporter | |
Comment 2•6 years ago
|
||
Request to add ec-ciutadania also: 8) EC-CIUTADANIA: https://crt.sh/?caid=13344 sha1 version (https://ccadb.force.com/0011J00001DaEliQAF - https://crt.sh/?id=326364846) Issuer commonName = EC-ACC Certificate Serial Number: 541cb42fc7882a75541a963dece5eb93 Subject commonName = EC-CIUTADANIA SHA-256 Fingerprint DB:6C:BB:87:33:BE:B4:93:AF:39:C7:02:A9:DD:06:74:31:4E:2E:D3:26:0C:D5:25:0A:49:14:80:75:7D:8E:A2 sha2 version (https://ccadb.force.com/001o000000o2eneAAA - https://crt.sh/?id=12721534) Issuer commonName = EC-ACC Certificate Serial Number: 73eeae15e3dfada8541a95ecf258624f Subject commonName = EC-CIUTADANIA SHA-256 Fingerprint 0F:D9:9A:AE:1F:FC:D5:D9:F0:AD:76:ED:DD:CB:EF:6B:88:4C:C8:5C:16:BF:CF:A4:B5:24:61:55:D6:59:7E:D6
|
||
Comment 3•6 years ago
|
||
Francesc: can confirm that it is not possible to revoke any of these intermediates? We can ad them to OneCRL when they are not revoked, but prefer them to be revoked.
Flags: needinfo?(fferre)
|
|
Reporter | |
Comment 4•6 years ago
|
||
(In reply to Wayne Thayer [:wayne] from comment #3) > Francesc: can confirm that it is not possible to revoke any of these > intermediates? We can ad them to OneCRL when they are not revoked, but > prefer them to be revoked. All the intermediates listed here have valid unrevoked and not expired e-signature and e-seal certificates (not SSL certs in any case). So I can confirm they cannot be revoked yet. Please tell us when they are added to One CRL. Thank you very much,
|
Assignee | |
Comment 5•6 years ago
|
||
I have indicated that these are "Ready to Add" to OneCRL in the CCADB. Reference: https://ccadb-public.secure.force.com/mozilla/PublicInterCertsReadyToAddToOneCRL
Flags: needinfo?(fferre)
|
|
Assignee | |
Updated•6 years ago
|
Whiteboard: [ca-onecrl]
|
|
Assignee | |
Comment 6•6 years ago
|
||
I confirm that these have been added to OneCRL.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
|
||
Updated•2 years ago
|
Product: NSS → CA Program
You need to log in
before you can comment on or make changes to this bug.
Description
•