Closed Bug 1710716 Opened 3 years ago Closed 3 years ago

Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority, Sonera Class2 CA

Categories

(NSS :: CA Certificates Code, task)

Product:
NSS
Component:
CA Certificates Code
Version:
3.66
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: kathleen.a.wilson, Assigned: kathleen.a.wilson)

Details

(Whiteboard: June 2021 Batch of Root Changes)

Attachments

(2 files)

Bug 1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. r=KathleenWilson
48 bytes, text/x-phabricator-request
Details | Review
Bug 1710716 - Remove Expired Sonera Class2 CA from NSS. r=KathleenWilson
48 bytes, text/x-phabricator-request
Details | Review

Please remove the following two expired root certificates from NSS:

CN=QuoVadis Root Certification Authority; OU=Root Certification Authority; O=QuoVadis Limited; C=BM
Valid To: 3/17/2021
Certificate Serial Number: 3AB6508B
SHA-1 Fingerprint: DE3F40BD5093D39B6C60F6DABC076201008976C9
SHA-256 Fingerprint: A45EDE3BBBF09C8AE15C72EFC07268D693A21C996FD51E67CA079460FD6D8873
Mozilla Trust Bits: Email;Websites
Not EV

CN=Sonera Class2 CA; O=Sonera; C=FI
Valid To: 4/6/2021
Certificate Serial Number: 1D
SHA-1 Fingerprint: 37F76DE6077C90C5B13E931AB74110B4F2E49A27
SHA-256 Fingerprint: 7908B40314C138100B518D0735807FFBFCF8518A0095337105BA386B153DD927
Mozilla Trust Bits: Email;Websites
Not EV

Stephen, for the QuoVadis Root Certification Authority, should we remove the root certificate from Mozilla's root store? Or should we only disable the Websites trust bit? (i.e. Do people still depend on that root certificate being included for S/MIME?)

Pekka, for the Sonera Class2 CA root, should we remove the root certificate from Mozilla's root store? Or should we only disable the Websites trust bit? (i.e. Do people still depend on that root certificate being included for S/MIME?)

Flags: needinfo?(stephen.davidson)
Flags: needinfo?(pekka.lahtiharju)

Expired Sonera Class2 CA may be removed. It isn't any more used anywhere.

Hopefully our new replacement root "Telia Root CA v2" will be added soon (application was done 8 months ago). Until it is included we continue using "TeliaSonera Root CA v1".

Flags: needinfo?(pekka.lahtiharju)

Kathleen, thank you for confirming! QuoVadis Root Certification Authority may be removed.

Component: CA Certificate Root Program → CA Certificates Code
QA Contact: kwilson
Whiteboard: June 2021 Batch of Root Changes
Summary: Expired Root Certificates - QuoVadis Root Certification Authority, Sonera Class2 CA → Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority, Sonera Class2 CA
Version: trunk → 3.66
Flags: needinfo?(stephen.davidson)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: