Per bug 406794 I have approved the request from GlobalSign to refresh its existing GlobalSign Root CA certificate with a new certificate with a later expiry date. The relevant information for the new root CA cert is as follows: Name: GlobalSign Root CA SHA-1 fingerprint: B1 BC 96 8B D4 F4 9D 62 2A A8 9A 81 F2 15 01 52 A4 1D 82 9C Root cert URL: http://secure.globalsign.net/cacert/Root-R1.crt Steve, can you please do a final confirmation that this is the correct root? Note: I believe (but need confirmation from those who know more about this than I) that once this new root is added the old GlobalSign Root CA can and should be removed from NSS. In any case you have my approval for that removal if it is appropriate from a technical point of view.
Steve, can you please confirm ASAP?
I intend to remove the old GlobalSign Root CA and replace it with the cert. I intend to keep the existing trust flags, which are currently enabled for all purposes.
Please verify that our intended code change works as expected. Please get Firefox 2 for Windows, move away file nssckbi.dll, get attachment 333022 [details], unzip it and place nssckbi.dll into your firefox 2 installation directory. When you do this you should be able to open certificate manager and find the new root.
No feedback, no inclusion.
The new certificate looks to be correct and the trust flags are marked as expected. Thanks, Steve
Marking fixed, the code change was done in bug 449883.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.