Closed Bug 1499320 Opened 3 years ago Closed 3 years ago

Remove Opentrust and Certplus root certs that currently only have the Email trust bit enabled

Categories

(NSS :: CA Certificates Code, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: erwann.abalea, Unassigned)

References

Details

(Whiteboard: Removed from NSS 3.41, Firefox 65)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15

Steps to reproduce:

Bonjour,

We want to remove the Trust Bit "Email" for the 5 following root CAs:

OpenTrust Root CA G1
SHA1 fingerprint: 7991e834f7e2eedd08950152e9552d14e958d57e

OpenTrust Root CA G2
SHA1 fingerprint: 795f8860c5ab7c3d92e6cbf48de145cd11ef600b

OpenTrust Root CA G3
SHA1 fingerprint: 6e2664f356bf3455bfd1933f7c01ded813da8aa6

Certplus Root CA G1
SHA1 fingerprint: 22fdd0b7fda24e0dac492ca0aca67b6a1fe3f766

Certplus Root CA G2
SHA1 fingerprint: 4f658e1fe906d82802e9544741c954255d69cc1a

It is expected that as a result, these 5 root CAs will be removed from the list of trusted root CAs by Mozilla.
Let's remove these root certificates in our next batch of root changes.
Assignee: kwilson → nobody
Component: CA Certificate Root Program → CA Certificates Code
Summary: Turn off email trust bit for Opentrust and Certplus root certs → Remove Opentrust and Certplus root certs that currently only have the Email trust bit enabled
The test build is available here:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=726a71039edcc1e835b2d7bce0f8d514e64c2091

Testing may be performed as described here:
https://wiki.mozilla.org/CA/Application_Instructions#Test

I have verified that these root certs are removed in this test build.
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Whiteboard: Removed from NSS 3.41, Firefox 65
You need to log in before you can comment on or make changes to this bug.