Refresh the GlobalSign Root CA cert in NSS

RESOLVED FIXED

Status

--
enhancement
RESOLVED FIXED
10 years ago
10 years ago

People

(Reporter: hecker, Assigned: kaie)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

10 years ago
Per bug 406794 I have approved the request from GlobalSign to refresh its existing GlobalSign Root CA certificate with a new certificate with a later expiry date.

The relevant information for the new root CA cert is as follows:

Name: GlobalSign Root CA
SHA-1 fingerprint:
B1 BC 96 8B D4 F4 9D 62 2A A8 9A 81 F2 15 01 52 A4 1D 82 9C
Root cert URL:
http://secure.globalsign.net/cacert/Root-R1.crt

Steve, can you please do a final confirmation that this is the correct root?

Note: I believe (but need confirmation from those who know more about this than I) that once this new root is added the old GlobalSign Root CA can and should be removed from NSS. In any case you have my approval for that removal if it is appropriate from a technical point of view.
(Reporter)

Updated

10 years ago
Blocks: 446409
(Assignee)

Comment 1

10 years ago
Steve, can you please confirm ASAP?
(Assignee)

Comment 2

10 years ago
I intend to remove the old GlobalSign Root CA
and replace it with the cert.

I intend to keep the existing trust flags, which are currently enabled for all purposes.
(Assignee)

Updated

10 years ago
Depends on: 449883
(Assignee)

Comment 3

10 years ago
Please verify that our intended code change works as expected.
Please get Firefox 2 for Windows, move away file nssckbi.dll, get attachment 333022 [details], unzip it and place nssckbi.dll into your firefox 2 installation directory.
When you do this you should be able to open certificate manager and find the new root.
(Assignee)

Comment 4

10 years ago
No feedback, no inclusion.

Comment 5

10 years ago
The new certificate looks to be correct and the trust flags are marked as expected.

Thanks,

Steve
(Assignee)

Comment 6

10 years ago
Marking fixed, the code change was done in bug 449883.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.