Closed Bug 2021383 Opened 3 months ago Closed 3 months ago

CCADB entries generated 2026-03-05T17:01:08Z

Categories

(Core :: Security Block-lists, Allow-lists, and other State, enhancement)

Product:
Core
Component:
Security Block-lists, Allow-lists, and other State
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: ccadb2onercl, Assigned: bwilson)

Details

Attachments

(4 files)

Line delimited issuer/serial pairs
8.53 KB, text/plain
Details
The additions to OneCRL proposed by this bug.
23.06 KB, text/plain
Details
Entries with their names decoded to plain text and hexadecimal serials/hashes.
18.34 KB, text/plain
Details
compare.py-output.txt
20.32 KB, text/plain
Details

Adding entries to OneCRL based on revoked intermediate certificates reported in the CCADB.

Assignee: nobody → bwilson
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

These 44 entries in the attachments are correct and are ready for adding to OneCRL:

issuer: /C=US/O=SecureTrust Corporation/CN=SecureTrust CA serial: 06f1ec00e58e9add372c871d25843fdab852d9
issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G3 serial: 0c3d2f09209d76d81b29fcb3eea66c06
issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 serial: 0f5bad3b8d3e07d559529b7cfb6a30b0
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P384 Certification Authority serial: 07ce18ed087c72eb533e0cda0843a79cd4bf0c
issuer: /C=US/O=SecureTrust Corporation/CN=SecureTrust CA serial: 06f1ec00e80b1baf9870a7c4b6cbe401a32d68
issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 serial: 0eab72b62946450c62de692c8265048a
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P384 Certification Authority serial: 07ce18ecfc0b3372f33e1906c7bf21870e9b38
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority serial: 06ce82d9ad30465cf22697f246b101ec92953b
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority serial: 07ce18ecfec41ab34d32d4c870f19da16397b2
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P256 Certification Authority serial: 07ce18ed075a180ce72a7e3446fea173e1e749
issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G3 serial: 05022b8f0977569d822cb0b4b74d5555
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P384 Certification Authority serial: 06ce82d9a331594530006781829387e40dbcb6
issuer: /C=CN/O=UniTrust/CN=UCA Global G2 Root serial: 63805182bf2320def7ec9aaefb964c61
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority serial: 07bc0b4afe82f017db7966a4589a560b398ca1
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority serial: 06ce82d9a69703aefe5d37d18858c74026b004
issuer: /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 serial: 295458dabf4a3ae3e3f4a8999d48b5fb
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P256 Certification Authority serial: 07ce18ed00d45857afed9e4038180ac1acba0f
issuer: /C=US/O=IdenTrust/CN=IdenTrust Commercial Root CA 1 serial: 40019bfc48428234edee4c99e0357073
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P384 Certification Authority serial: 07ce18ed01fa2fac388ed11c045149591cd809
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P256 Certification Authority serial: 06ce82d9a20a3797cd878eb3daa41d08680af7
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P384 Certification Authority serial: 06ce82d9a9d8e29837ef90beaf59dc6551bed6
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority serial: 07ce18ed0549db4432f95e8ba03c9d78446ea9
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P384 Certification Authority serial: 07ce18ecf57f3863d8cc87419cb7df49c10898
issuer: /C=US/O=SecureTrust Corporation/CN=SecureTrust CA serial: 07ee24a9c4458b9f79bcf9808896598782a472
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P256 Certification Authority serial: 07ce18ecfae6efea7def67dfdac0959553d47c
issuer: /C=US/O=SecureTrust Corporation/CN=SecureTrust CA serial: 07ce97c57a28c57b5c9ffc53fe69e8639db872
issuer: /C=US/O=SecureTrust Corporation/CN=Secure Global CA serial: 07ce18ed0bd129a5cf75507e9ac79366260cb1
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority serial: 07ce18ecefee27577c1aa3a62888728009963e
issuer: /C=US/O=SecureTrust Corporation/CN=SecureTrust CA serial: 076b9c83a4aca8af581cbef232cad142a73519
issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 serial: 01a66577e2755575d4edda5f06e741d1
issuer: /C=CN/O=UniTrust/CN=UCA Global G2 Root serial: 62cefc700fe3ca60b3d51ff162dca400
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P384 Certification Authority serial: 06ce82d9b07a17cc5376157813389a2930a44a
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority serial: 07ce18ecf8d5bff93eec9391a80d24994c437a
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P256 Certification Authority serial: 06ce82d9af531423847b85fb677932aaf80508
issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 serial: 0c40b9c958224b341c912c34c5742135
issuer: /C=US/O=SecureTrust Corporation/CN=SecureTrust CA serial: 06f1ec00e31e46d341b2b2633ce480d915f81d
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P256 Certification Authority serial: 07ce18ecf456c9aaf7271e5be9ba26cf263135
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority serial: 06ce82d99fb3b180c281020314a2d1c7640017
issuer: /C=JP/O=SECOM Trust Systems CO.,LTD./CN=Security Communication ECC RootCA1 serial: 1dafaa492a280d4d6ffa6addfcfb3a1a
issuer: /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P256 Certification Authority serial: 06ce82d9a8b57c104843994dacd79e28633e5f
issuer: /C=US/O=SecureTrust Corporation/CN=SecureTrust CA serial: 076b9c83a240fe8ab30d8e895d1f447d16990e
issuer: /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2 serial: 22b9b154f33c5e5e00
issuer: /C=US/O=SecureTrust Corporation/CN=SecureTrust CA serial: 076b9c83a6f816db07de81ef75d6baf8ea803d
issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G3 serial: 0950bbde2b07b8bfa44eb03d8174e5a8

Please:

  • Approve at Kinto Staging.
  • Use remote-settings-devtools in a development profile to confirm the OneCRL data in Staging Nightly is as intended. (It may take a while for the changes to show up.)
  • Run the onecrl-entry-checker tool and attach the output to this bug.
Flags: needinfo?(dkeeler)

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2021383

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2021383

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2021383

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2021383

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2021383

Attached file compare.py-output.txt
Flags: needinfo?(dkeeler)

Verified that these 44 issuerName-serialNumber pairs are the same as those initially requested in Comment #2.
Please go ahead and move these into Production.

Flags: needinfo?(dkeeler)

Approved in prod.

Flags: needinfo?(dkeeler)

Verified that these 44 CA certificates are contained in OneCRL - see e.g. https://crt.sh/mozilla-onecrl

Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: