Closed Bug 1919913 Opened 11 months ago Closed 9 months ago

Remove Websites Trust Bit from Entrust Root Certification Authority - G4

Categories

(NSS :: CA Certificates Code, task)

Product:
NSS
Component:
CA Certificates Code
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bwilson, Assigned: bwilson)

References

Details

Attachments

(1 file)

Bug 1919913 - remove Websites Trust Bit from Entrust Root Certification Authority - G4. r=bwilson
48 bytes, text/x-phabricator-request
Details | Review

Our understanding is that the Entrust Root Certification Authority - G4 is not being used to issue TLS server certificates. We were planning on implementing a distrust-after date of November 30, 2024 for TLS certificates issued under this root. However, this bug proposes a removal of the trust bit altogether before that November date.

Blocks: 1922392

CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR should be changed to:
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
for

Entrust Root Certification Authority - G4
Certificate Serial Number: 00D9B5437FAFA9390F000000005565AD58
SHA-1 Fingerprint: 14884E862637B026AF59625C4077EC3529BA9601
SHA-256 Fingerprint: DB3517D1F6732A2D5AB97C533EC70779EE3270A62FB4AC4238372460E6F01E88

Component: CA Certificate Root Program → CA Certificates Code
Product: CA Program → NSS
Version: other → unspecified

https://hg.mozilla.org/projects/nss/rev/5751b6bae365bbb7590c8f6afb62712ff6baed8a

Status: ASSIGNED → RESOLVED
Closed: 9 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: