Closed Bug 1855318 Opened 10 months ago Closed 8 months ago

Remove 4 DigiCert (Symantec/Verisign) Root Certificates from NSS

Categories

(NSS :: CA Certificates Code, task, P1)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: bwilson, Assigned: djackson)

References

Details

(Whiteboard: Removed in NSS 3.94, Firefox 121)

Attachments

(1 file)

Please remove the following 4 root certificates from NSS.

Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6; OU=Symantec Trust Network; O=Symantec Corporation; C=US
Certificate Serial Number: 243275F21D2FD20933F7B46ACAD0F398
SHA-1 Fingerprint: 517F611E29916B5382FB72E744D98DC3CC536D64
SHA-256 Fingerprint: 9D190B2E314566685BE8A889E27AA8C7D7AE1D8AADDBA3C1ECF9D24863CD34B9
(Exp. 2037)

Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6; OU=Symantec Trust Network; O=Symantec Corporation; C=US
Certificate Serial Number: 64829EFC371E745DFC97FF97C8B1FF41
SHA-1 Fingerprint: 40B331A0E9BFE855BC3993CA704F4EC251D41D8F
SHA-256 Fingerprint: CB627D18B58AD56DDE331A30456BC65C601A4E9B18DEDCEA08E7DAAA07815FF0
(Exp. 2037)

Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3; OU=VeriSign Trust Network, (c) 1999 VeriSign, Inc. - For authorized use only; O=VeriSign, Inc.; C=US
Certificate Serial Number: 008B5B75568454850B00CFAF3848CEB1A4
SHA-1 Fingerprint: 204285DCF7EB764195578E136BD4B7D1E98E46A5
SHA-256 Fingerprint: CBB5AF185E942A2402F9EACBC0ED5BB876EEA3C1223623D00447E4F3BA554B65
(Exp. 2036)

Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3; OU=VeriSign Trust Network, (c) 1999 VeriSign, Inc. - For authorized use only; O=VeriSign, Inc.; C=US
Certificate Serial Number: 6170CB498C5F984529E7B0A6D9505B7A
SHA-1 Fingerprint: 61EF43D77FCAD46151BC98E0C35912AF9FEB6311
SHA-256 Fingerprint: 92A9D9833FE1944DB366E8BFAE7A95B6480C2D6C6C2A1BE65D4236B608FCA1BB
(Exp. 2036)

These roots are not EV enabled.

Per Bug #1618407 distrust-after for email/SMIME was set to August 31, 2022, for these root certificates in order to give time for existing certificates to expire or be transitioned to other CA hierarchies. So now we're ready to finish removing these root certificates from our root store.

Severity: -- → S1
Priority: -- → P1
Severity: S1 → N/A
Priority: P1 → --
Priority: -- → P1
Assignee: nobody → djackson
Status: NEW → RESOLVED
Closed: 8 months ago
Resolution: --- → FIXED
Whiteboard: October 2023 Batch of Root Changes → Removed in NSS 3.94, Firefox 121
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: