Closed
Bug 696466
Opened 14 years ago
Closed 11 years ago
Broken CRL links in Included Certificate List webpage
Categories
(CA Program :: CA Certificate Root Program, task)
CA Program
CA Certificate Root Program
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: kathleen.a.wilson, Assigned: kathleen.a.wilson)
Details
The following CRL links are broken in
http://www.mozilla.org/projects/security/certs/included/
E-TUGRA
Error: Firefox can't find the server at crl.e-tugra.com.tr.
Sertifitseerimiskeskus AS
CRL link (http://www.sk.ee/pages.php/0202040202,36)
goes to http://www.sk.ee/error
The links for the following CRLs are not set:
-- GlobalSign Root CA – R3
-- GeoTrust Primary Certificate Authority - G2
-- GeoTrust Primary Certification Authority - G3
-- thawte Primary Root CA - G2
-- thawte Primary Root CA - G3
-- VeriSign Universal Root Certification Authority
-- VeriSign Class 3 Public Primary Certificate Authority - G4
|
Assignee | |
Updated•14 years ago
|
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 1•14 years ago
|
||
Copying the representatives of the corresponding CAs to this bug...
Please send me the current CRL URLs for the roots listed above.
|
||
Comment 2•14 years ago
|
||
Current CRL URLs for the roots of E-Tugra is right. Let give again
http://crl.e-tugra.com.tr/e-tugra_ksm.crl
|
|
||
Comment 3•14 years ago
|
||
I am very sorry for imcomplete answer.
Even http://crl.e-tugra.com.tr is working,
we have to use http://crl.e-tugra.com (no .tr), certificates are issued with this crl address.
the right crl address for E-Tugra :
http://crl.e-tugra.com/e-tugra_ksm.crl
|
||
Comment 4•14 years ago
|
||
Sertifitseerimiskeskus AS corresponding link is http://www.sk.ee/en/repository/CRL/ or http://www.sk.ee/crls
|
|
Assignee | |
Comment 5•14 years ago
|
||
(In reply to Davut Tokgöz from comment #3)
> the right crl address for E-Tugra :
> http://crl.e-tugra.com/e-tugra_ksm.crl
Thanks!
I have updated the Included Certificate List webpage to use the correct CRL URL for E-TUGRA. I have also confirmed that this CRL URL imports into my Firefox browser.
|
|
Assignee | |
Comment 6•14 years ago
|
||
(In reply to Liisa Lukin from comment #4)
> Sertifitseerimiskeskus AS corresponding link is
> http://www.sk.ee/en/repository/CRL/ or http://www.sk.ee/crls
Thanks!
I have updated the Sertifitseerimiskeskus AS entry on the Included Certificate List webpage to have the CRL link point to http://www.sk.ee/crls.
I have also confirmed that the listed CRLs (except for the 2007 CRLs) import without error into my Firefox browser.
|
|
Assignee | |
Comment 7•14 years ago
|
||
The current status of this bug is that I need CRL URLs for the following certs that are listed in http://www.mozilla.org/projects/security/certs/included/
-- GlobalSign Root CA – R3
-- GeoTrust Primary Certificate Authority - G2
-- GeoTrust Primary Certification Authority - G3
-- thawte Primary Root CA - G2
-- thawte Primary Root CA - G3
-- VeriSign Universal Root Certification Authority
-- VeriSign Class 3 Public Primary Certificate Authority - G4
|
|
Assignee | |
Comment 8•14 years ago
|
||
I have updated the CRL links in the Included Certificates List for the following three certificates, and I have confirmed that the CRLs import without error into my Firefox browser.
-- GeoTrust Primary Certification Authority - G3
-- thawte Primary Root CA - G3
-- VeriSign Universal Root Certification Authority
The following root certificates are not yet active, so the corresponding CRLs are not available at this time.
-- GlobalSign Root CA – R3
-- GeoTrust Primary Certificate Authority - G2
-- thawte Primary Root CA - G2
-- VeriSign Class 3 Public Primary Certificate Authority - G4
Other than these 4 not-yet-active root certificates, I have confirmed that the rest of the CRL links in the Included Certificate List work, and the CRLs import without error into my Firefox browser.
Severity: normal → minor
|
||
Comment 9•14 years ago
|
||
Hi Kathleen. I was on holiday last week so sorry about the delay. The GlobalSign Root CA - R3 works fine in Mozilla. We have a test web site here. https://2029.globalsign.com which is secured through a CA that chains to this root. The CRL that the root signs is available through the CRL CDP in the issuing CA. It's http://crl.globalsign.net/root-r3.crl. If I can be of any other help please let me know.
|
|
Assignee | |
Comment 10•14 years ago
|
||
(In reply to Steve Roylance from comment #9)
Thanks! I've updated the CRL link for the "GlobalSign Root CA - R3" root in
http://www.mozilla.org/projects/security/certs/included/
and I've confirmed that I can import the CRL into my Firefox browser.
Now there are only 3 CRL links that are not set in the Included Certificates List. These root certificates are not yet active, so the corresponding CRLs are not available at this time.
-- GeoTrust Primary Certificate Authority - G2
-- thawte Primary Root CA - G2
-- VeriSign Class 3 Public Primary Certificate Authority - G4
|
||
Comment 11•14 years ago
|
||
The E-TUGRA CRL appears to be published with a MIME type that Firefox doesn't understand: clicking the link simply results in a download prompt.
|
||
Comment 12•11 years ago
|
||
Hi Kathleen,
If I'm understanding this thread right, the CRL links for the active GeoTrust, Thawte and VeriSign root certs have been imported successfully so no further action required. Please confirm.
Thanks,
Rashmi
|
|
Assignee | |
Updated•11 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
|
||
Updated•8 years ago
|
Product: mozilla.org → NSS
|
||
Updated•3 years ago
|
Product: NSS → CA Program
You need to log in
before you can comment on or make changes to this bug.
Description
•