Closed Bug 1618404 Opened 5 months ago Closed 2 months ago

Symantec root certs - Set CKA_NSS_SERVER_DISTRUST_AFTER

Categories

(NSS :: CA Certificates Code, enhancement, P1)

enhancement

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: kwilson, Assigned: beurdouche)

References

Details

Attachments

(1 file)

Please set CKA_NSS_SERVER_DISTRUST_AFTER to the specified dates for the following root certificates. This distrusts TLS certs that have “Valid From” newer than the specified date. TLS certificates issued prior to this date will continue to be trusted until the certificate’s natural expiration or until we disable the trust bit or remove the root.

  • Server Distrust After Date: 9/30/2018
    Subject: CN=thawte Primary Root CA - G2; OU=(c) 2007 thawte, Inc. - For authorized use only; O=thawte, Inc.; C=US
    Certificate Serial Number: 35FC265CD9844FC93D263D579BAED756
    SHA-1 Fingerprint: AADBBC22238FC401A127BB38DDF41DDB089EF012
    SHA-256 Fingerprint: A4310D50AF18A6447190372A86AFAF8B951FFB431D837F1E5688B45971ED1557

  • Server Distrust After Date: 9/30/2018
    Subject: CN=GeoTrust Universal CA; O=GeoTrust Inc.; C=US
    Certificate Serial Number: 01
    SHA-1 Fingerprint: E621F3354379059A4B68309D8A2F74221587EC79
    SHA-256 Fingerprint: A0459B9F63B22559F5FA5D4C6DB3F9F72FF19342033578F073BF1D1B46CBB912

  • Server Distrust After Date: 1/31/2019
    Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4; OU=VeriSign Trust Network, (c) 2007 VeriSign, Inc. - For authorized use only; O=VeriSign, Inc.; C=US
    Certificate Serial Number: 2F80FE238C0E220F486712289187ACB3
    SHA-1 Fingerprint: 22D5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A
    SHA-256 Fingerprint: 69DDD7EA90BB57C93E135DC85EA6FCD5480B603239BDC454FC758B2A26CF7F79

  • Server Distrust After Date: 4/30/2019
    Subject: CN=VeriSign Universal Root Certification Authority; OU=VeriSign Trust Network, (c) 2008 VeriSign, Inc. - For authorized use only; O=VeriSign, Inc.; C=US
    Certificate Serial Number: 401AC46421B31321030EBBE4121AC51D
    SHA-1 Fingerprint: 3679CA35668772304D30A5FB873B0FA77BB70D54
    SHA-256 Fingerprint: 2399561127A57125DE8CEFEA610DDF2FA078B5C8067F4E828290BFB860E84B3C

  • Server Distrust After Date: 4/30/2019
    Subject: CN=thawte Primary Root CA - G3; OU=Certification Services Division, (c) 2008 thawte, Inc. - For authorized use only; O=thawte, Inc.; C=US
    Certificate Serial Number: 600197B746A7EAB4B49AD64B2FF790FB
    SHA-1 Fingerprint: F18B538D1BE903B6A6F056435B171589CAF36BF2
    SHA-256 Fingerprint: 4B03F45807AD70F21BFC2CAE71C9FDE4604C064CF5FFB686BAE5DBAAD7FDD34C

  • Server Distrust After Date: 4/30/2019
    Subject: CN=GeoTrust Primary Certification Authority - G3; OU=(c) 2008 GeoTrust Inc. - For authorized use only; O=GeoTrust Inc.; C=US
    Certificate Serial Number: 15AC6E9419B2794B41F627A9C3180F1F
    SHA-1 Fingerprint: 039EEDB80BE7A03C6953893B20D2D9323A4C2AFD
    SHA-256 Fingerprint: B478B812250DF878635C2AA7EC7D155EAA625EE82916E2CD294361886CD1FBD4

  • Server Distrust After Date: 4/30/2019
    Subject: CN=GeoTrust Primary Certification Authority; O=GeoTrust Inc.; C=US
    Certificate Serial Number: 18ACB56AFD69B6153A636CAFDAFAC4A1
    SHA-1 Fingerprint: 323C118E1BF7B8B65254E2E2100DD6029037F096
    SHA-256 Fingerprint: 37D51006C512EAAB626421F1EC8C92013FC5F82AE98EE533EB4619B8DEB4D06C

  • Server Distrust After Date: 4/30/2019
    Subject: CN=thawte Primary Root CA; OU=Certification Services Division, (c) 2006 thawte, Inc. - For authorized use only; O=thawte, Inc.; C=US
    Certificate Serial Number: 344ED55720D5EDEC49F42FCE37DB2B6D
    SHA-1 Fingerprint: 91C6D6EE3E8AC86384E548C299295C756C817B81
    SHA-256 Fingerprint: 8D722F81A9C113C0791DF136A2966DB26C950A971DB46B4199F4EA54B78BFB9F

  • Server Distrust After Date: 4/30/2019
    Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5; OU=VeriSign Trust Network, (c) 2006 VeriSign, Inc. - For authorized use only; O=VeriSign, Inc.; C=US
    Certificate Serial Number: 18DAD19E267DE8BB4A2158CDCC6B3B4A
    SHA-1 Fingerprint: 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
    SHA-256 Fingerprint: 9ACFAB7E43C8D880D06B262A94DEEEE4B4659989C3D0CAF19BAF6405E41AB7DF

  • Server Distrust After Date: 1/1/2020
    Subject: CN=GeoTrust Primary Certification Authority - G2; OU=(c) 2007 GeoTrust Inc. - For authorized use only; O=GeoTrust Inc.; C=US
    Certificate Serial Number: 3CB2F4480A00E2FEEB243B5E603EC36B
    SHA-1 Fingerprint: 8D1784D537F3037DEC70FE578B519A99E610D7B0
    SHA-256 Fingerprint: 5EDB7AC43B82A06A8761E8D7BE4979EBF2611F7DD79BF91C1C6B566A219ED766

  • Server Distrust After Date: 1/1/2020
    Subject: CN=GeoTrust Global CA; O=GeoTrust Inc.; C=US
    Certificate Serial Number: 023456
    SHA-1 Fingerprint: DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
    SHA-256 Fingerprint: FF856A2D251DCD88D36656F450126798CFABAADE40799C722DE4D2B5DB36A73A

  • Server Distrust After Date: 1/1/2020
    Subject: CN=GeoTrust Universal CA 2; O=GeoTrust Inc.; C=US
    Certificate Serial Number: 01
    SHA-1 Fingerprint: 379A197B418545350CA60369F33C2EAF474F2079
    SHA-256 Fingerprint: A0234F3BC8527CA5628EEC81AD5D69895DA5680DC91D1CB8477F33F878B95B0B

Assignee: nobody → bbeurdouche
Status: NEW → ASSIGNED
Priority: -- → P1
Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 3.53
You need to log in before you can comment on or make changes to this bug.