Closed Bug 446407 Opened 15 years ago Closed 15 years ago

Refresh the GlobalSign Root CA cert in NSS


(NSS :: Libraries, enhancement)

Not set


(Not tracked)



(Reporter: hecker, Assigned: KaiE)



Per bug 406794 I have approved the request from GlobalSign to refresh its existing GlobalSign Root CA certificate with a new certificate with a later expiry date.

The relevant information for the new root CA cert is as follows:

Name: GlobalSign Root CA
SHA-1 fingerprint:
B1 BC 96 8B D4 F4 9D 62 2A A8 9A 81 F2 15 01 52 A4 1D 82 9C
Root cert URL:

Steve, can you please do a final confirmation that this is the correct root?

Note: I believe (but need confirmation from those who know more about this than I) that once this new root is added the old GlobalSign Root CA can and should be removed from NSS. In any case you have my approval for that removal if it is appropriate from a technical point of view.
Blocks: 446409
Steve, can you please confirm ASAP?
I intend to remove the old GlobalSign Root CA
and replace it with the cert.

I intend to keep the existing trust flags, which are currently enabled for all purposes.
Depends on: 449883
Please verify that our intended code change works as expected.
Please get Firefox 2 for Windows, move away file nssckbi.dll, get attachment 333022 [details], unzip it and place nssckbi.dll into your firefox 2 installation directory.
When you do this you should be able to open certificate manager and find the new root.
No feedback, no inclusion.
The new certificate looks to be correct and the trust flags are marked as expected.


Marking fixed, the code change was done in bug 449883.
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.