Closed Bug 1645199 Opened 11 months ago Closed 11 months ago

Remove Expired AddTrust root certs from NSS

Categories

(NSS :: CA Certificates Code, enhancement, P1)

3.54
enhancement

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: kwilson, Assigned: jcj)

References

Details

Attachments

(1 file)

Please remove the following two expired AddTrust root certs from NSS.

Subject/Issuer: CN=AddTrust Class 1 CA Root; OU=AddTrust TTP Network;
O=AddTrust AB; C=SE
Valid To (GMT): 5/30/2020
SHA-1 Fingerprint: CCAB0EA04C2301D6697BDD379FCD12EB24E3949D
SHA-256 Fingerprint:
8C7209279AC04E275E16D07FD3B775E80154B5968046E31F52DD25766324E9A7

Subject/Issuer: CN=AddTrust External CA Root; OU=AddTrust External TTP
Network; O=AddTrust AB; C=SE
Valid To (GMT): 5/30/2020
SHA-1 Fingerprint: 02FAF3E291435468607857694DF5E45B68851868
SHA-256 Fingerprint:
687FA451382278FFF0C8B11F8D43D576671C6EB2BCEAB413FB83D965D06D2FF2
** Mozilla EV Policy OID(s): 1.3.6.1.4.1.6449.1.2.1.5.1

Assignee: nobody → jjones
Severity: -- → S3
Status: NEW → ASSIGNED
Priority: -- → P1

Remove the following two expired AddTrust root certs from NSS.

Subject/Issuer: CN=AddTrust Class 1 CA Root; OU=AddTrust TTP Network;
O=AddTrust AB; C=SE
Valid To (GMT): 5/30/2020
SHA-1 Fingerprint: CCAB0EA04C2301D6697BDD379FCD12EB24E3949D
SHA-256 Fingerprint:
8C7209279AC04E275E16D07FD3B775E80154B5968046E31F52DD25766324E9A7

Subject/Issuer: CN=AddTrust External CA Root; OU=AddTrust External TTP
Network; O=AddTrust AB; C=SE
Valid To (GMT): 5/30/2020
SHA-1 Fingerprint: 02FAF3E291435468607857694DF5E45B68851868
SHA-256 Fingerprint:
687FA451382278FFF0C8B11F8D43D576671C6EB2BCEAB413FB83D965D06D2FF2

Mozilla EV Policy OID(s): 1.3.6.1.4.1.6449.1.2.1.5.1

Depends on D79369

Status: ASSIGNED → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → 3.54

Please remove these two expired certificates from 78.5.0esr (64-bit).

(In reply to Justin from comment #3)

Please remove these two expired certificates from 78.5.0esr (64-bit).

Please help me understand why the expired root certs need to be removed from ESR 78. What harm do you see in them still being there?

You need to log in before you can comment on or make changes to this bug.