Remove Trustis FPS Root CA from NSS
Categories
(NSS :: CA Certificates Code, task)
Tracking
(Not tracked)
People
(Reporter: kathleen.a.wilson, Unassigned)
Details
(Whiteboard: June 2021 Batch of Root Changes)
Attachments
(1 file)
Please remove the following root certificate from NSS:
OU=Trustis FPS Root CA; O=Trustis Limited; C=GB
Certificate Serial Number: 1B1FADB620F924D3366BF7C7F18CA059
SHA-1 Fingerprint: 3BC0380B33C3F6A60C86152293D9DFF54B81C004
SHA-256 Fingerprint: C1B48299ABA5208FE9630ACE55CA68A03EDA5A519C8802A0D3A673BE8F8E557D
Trust Bits: Email , Websites
Not EV
Currently this root has CKA_NSS_SERVER_DISTRUST_AFTER set to July 1, 2020 per Bug #1634584.
The CA has indicated that this root certificate is ready for removal, and stated: "I can confirm no new certificates have been issued since January 2018 and all expired as of January 2021."
Reporter | ||
Comment 1•4 years ago
|
||
Blake, This root certificate has both the Email (S/MIME) and Websites (TLS) trust bits enabled for it. We only set the distrust-after for Websites (TLS). Is this root certificate no longer needed for S/MIME purposes?
Comment 2•4 years ago
|
||
Hi Kathleen, The Sub CA is not signing anything so yes, please go ahead and set distrust for S/MIME.
Reporter | ||
Comment 3•4 years ago
|
||
Thanks, Blake. We will proceed with removing this certificate in the next batch of root changes for NSS.
Comment 4•4 years ago
|
||
Comment 5•4 years ago
|
||
Description
•