Closed Bug 1499320 Opened 7 years ago Closed 6 years ago

Remove Opentrust and Certplus root certs that currently only have the Email trust bit enabled

Categories

(NSS :: CA Certificates Code, task)

Product:
NSS
Component:
CA Certificates Code
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: erwann.abalea, Unassigned)

References

Details

(Whiteboard: Removed from NSS 3.41, Firefox 65)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15 Steps to reproduce: Bonjour, We want to remove the Trust Bit "Email" for the 5 following root CAs: OpenTrust Root CA G1 SHA1 fingerprint: 7991e834f7e2eedd08950152e9552d14e958d57e OpenTrust Root CA G2 SHA1 fingerprint: 795f8860c5ab7c3d92e6cbf48de145cd11ef600b OpenTrust Root CA G3 SHA1 fingerprint: 6e2664f356bf3455bfd1933f7c01ded813da8aa6 Certplus Root CA G1 SHA1 fingerprint: 22fdd0b7fda24e0dac492ca0aca67b6a1fe3f766 Certplus Root CA G2 SHA1 fingerprint: 4f658e1fe906d82802e9544741c954255d69cc1a It is expected that as a result, these 5 root CAs will be removed from the list of trusted root CAs by Mozilla.
Let's remove these root certificates in our next batch of root changes.
Assignee: kwilson → nobody
Component: CA Certificate Root Program → CA Certificates Code
Summary: Turn off email trust bit for Opentrust and Certplus root certs → Remove Opentrust and Certplus root certs that currently only have the Email trust bit enabled
Depends on: 1505899
The test build is available here: https://treeherder.mozilla.org/#/jobs?repo=try&revision=726a71039edcc1e835b2d7bce0f8d514e64c2091 Testing may be performed as described here: https://wiki.mozilla.org/CA/Application_Instructions#Test I have verified that these root certs are removed in this test build.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Whiteboard: Removed from NSS 3.41, Firefox 65
You need to log in before you can comment on or make changes to this bug.