Closed Bug 1798526 Opened 3 years ago Closed 3 years ago

Manually add problematic certs to OneCRL

Categories

(Core :: Security Block-lists, Allow-lists, and other State, task)

RESOLVED FIXED

People

(Reporter: kathleen.a.wilson, Unassigned)

Details

(Whiteboard: [ca-onecrl] )

Please add the following certificates to OneCRL. manual process

https://crt.sh/?id=4995198000
Issuer: CN=Microsoft RSA Root Certificate Authority 2017; O=Microsoft Corporation; C=US
Serial: 330000002bd354825bc3b1537b00000000002b

https://crt.sh/?id=4995197999
Issuer: CN=Microsoft RSA Root Certificate Authority 2017; O=Microsoft Corporation; C=US
Serial: 330000002c118872baf92b2e5600000000002c

https://crt.sh/?id=4995197998
Issuer: CN=Microsoft RSA Root Certificate Authority 2017; O=Microsoft Corporation; C=US
Serial: 330000002d5f3df82a896d6a3f00000000002d

https://crt.sh/?id=4995198001
Issuer: CN=Microsoft RSA Root Certificate Authority 2017; O=Microsoft Corporation; C=US
Serial: 330000002e99db07378d0f00b600000000002e

https://crt.sh/?id=159384842
Issuer: CN=QuoVadis Enterprise Trust CA 2 G3; O=QuoVadis Limited; C=BM
Serial: 15722C4538CDE50E6CBF4F48F521C25BEC9B5A5E

https://crt.sh/?id=271418958
Issuer: CN=QuoVadis Root CA 2 G3; O=QuoVadis Limited; C=BM
Serial: 107820596210C5BFC0092CE2ABCA189079766E06

https://crt.sh/?id=507425109
Issuer: CN=QuoVadis Root CA 2 G3; O=QuoVadis Limited; C=BM
Serial: 5DCED5064C9E3513C0524AD49972FBC5D37E7713

https://crt.sh/?id=5674244
Issuer: CN=QuoVadis Root CA 3; O=QuoVadis Limited; C=BM
Serial: 657EEBFCABB4B08FFC43946515E02F32405723CF

https://crt.sh/?id=7714552
Issuer: CN=QuoVadis Root CA 3; O=QuoVadis Limited; C=BM
Serial: 171356472D0BE3DDC96B03B6103C15ACA7837386

https://crt.sh/?id=10700546
Issuer: CN=QuoVadis Root CA 3; O=QuoVadis Limited; C=BM
Serial: 4B601BB64E4868D8572CA87E7EDF1A517B65BDBD

https://crt.sh/?id=72490942
Issuer: CN=QuoVadis Root CA 3; O=QuoVadis Limited; C=BM
Serial: 074D7E05EDF8885CDACB24F039FA40629AADFFF8

https://crt.sh/?id=24491545
Issuer: CN=QuoVadis Root CA 3; O=QuoVadis Limited; C=BM
Serial: 169B62744E8C7C77388BAA8BD8F10AD414212D26

https://crt.sh/?id=87718153
Issuer: CN=QuoVadis Root CA 3; O=QuoVadis Limited; C=BM
Serial: 05F4A334090F7B1AE83677D4766BFD32A71E0851

https://crt.sh/?id=73136199
Issuer: CN=QuoVadis Root CA 3; O=QuoVadis Limited; C=BM
Serial: 301AFAC8ACB6D1AB342EB39E684BD912D9F1DDCE

It looks like entryMaker can't handle some of these - I'll have to either fix it or find some workaround.

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #1)

> It looks like entryMaker can't handle some of these - I'll have to either fix it or find some workaround.

Maybe entryMaker should have an option to have the Issuer and Serial passed in, instead of the PEM, when the PEM is problematic?

Changes are staged and ready for review:

[15:27:10] Stage-Stage: 1504 Stage-Preview: 1504 Stage-Published: 1490  compare.py:67
           Prod-Stage: 1504 Prod-Preview: 1504 Prod-Published: 1490  compare.py:75
[15:27:11] Verifying stage against preview  compare.py:82
           stage/security-state-staging (1504) and stage/security-state-preview (1504) are equivalent  compare.py:87
           stage/security-state-staging (1504) and prod/security-state-staging (1504) are equivalent  compare.py:87
           stage/security-state-staging (1504) and prod/security-state-preview (1504) are equivalent  compare.py:87
           stage/security-state-preview (1504) and prod/security-state-staging (1504) are equivalent  compare.py:87
           stage/security-state-preview (1504) and prod/security-state-preview (1504) are equivalent  compare.py:87
           prod/security-state-staging (1504) and prod/security-state-preview (1504) are equivalent  compare.py:87
           There are 14 changes waiting in staging.  compare.py:92
           There are 14 changes waiting in production. Adding:  compare.py:99
Flags: needinfo?(kwilson)
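
An added example, not entryMaker's code and not part of the original comments: it builds the `issuerName` / `serialNumber` pair of a OneCRL record from an Issuer and Serial given as text (the option suggested in comment 2) and decodes a staged record back into readable form for review. It assumes `issuerName` is the base64 of the DER-encoded issuer Name and `serialNumber` the base64 of the serial bytes; `make_entry`, `decode_entry` and the other helper names are hypothetical, and the issuer and serial are taken from the request above.

```python
import base64

# DER content bytes of the attribute OIDs used by the issuers in this bug.
OIDS = {"C": "550406", "O": "55040a", "CN": "550403"}
NAMES = {v: k for k, v in OIDS.items()}
PRINTABLE, UTF8 = 0x13, 0x0C  # DER string tags; the choice changes the bytes
# Issuer and serial as listed in the request (RDNs in encoding order, C first).
ISSUER = [("C", "BM"), ("O", "QuoVadis Limited"), ("CN", "QuoVadis Root CA 3")]
SERIAL = "301AFAC8ACB6D1AB342EB39E684BD912D9F1DDCE"

def tlv(tag, body):
    if len(body) > 127:
        raise ValueError("example handles short-form DER lengths only")
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    if length > 127 or pos + 2 + length > len(buf):
        raise ValueError("unsupported or truncated DER")
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def make_entry(rdns, serial_hex, string_tag=PRINTABLE):
    """Build issuerName/serialNumber from text inputs (hypothetical helper)."""
    sets = b"".join(
        tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex(OIDS[a]))
                            + tlv(string_tag, v.encode())))
        for a, v in rdns)
    return {"issuerName": base64.b64encode(tlv(0x30, sets)).decode(),
            "serialNumber": base64.b64encode(bytes.fromhex(serial_hex)).decode()}

def decode_entry(entry):
    """Return ([(attr, string_tag, value), ...], SERIAL_HEX) for review."""
    _, body, _ = read_tlv(base64.b64decode(entry["issuerName"]), 0)
    rdns, pos = [], 0
    while pos < len(body):
        _, rdn, pos = read_tlv(body, pos)   # SET (one RDN)
        _, atv, _ = read_tlv(rdn, 0)        # SEQUENCE {type, value}
        _, oid, nxt = read_tlv(atv, 0)      # attribute type OID
        tag, val, _ = read_tlv(atv, nxt)    # string tag and bytes
        rdns.append((NAMES.get(oid.hex(), oid.hex()), tag, val.decode()))
    return rdns, base64.b64decode(entry["serialNumber"]).hex().upper()

if __name__ == "__main__":
    printable = make_entry(ISSUER, SERIAL)
    utf8 = make_entry(ISSUER, SERIAL, UTF8)
    print(decode_entry(printable))
    # Same text, different string tag: the issuerName bytes no longer agree.
    print(printable["issuerName"] == utf8["issuerName"])
```

The display form of an issuer does not show RDN order or string type, so a record built from text should be decoded and compared against the certificate's own issuer bytes before it is staged.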

Approved at Staging.

Dana confirmed the data in Staging Nightly, so I have approved at Production.

Verified in my Firefox profile.

Status: NEW → RESOLVED
Closed: 3 years ago
Flags: needinfo?(kwilson)
Resolution: --- → FIXED