Bug 752110: Turn off code signing trust bit for Sonera Class2 CA in NSS
Status: RESOLVED FIXED (Opened 13 years ago, Closed 13 years ago)
Categories: NSS :: CA Certificates Code (task)
Tracking: Not tracked
Target Milestone: 3.13.6
People: Reporter: kathleen.a.wilson, Unassigned
Whiteboard: In FF16
As per bug #739383, a representative of TeliaSonera has asked us to turn off the Code Signing Trust bit of the "Sonera Class2 CA", because they do not issue code signing certificates.
The specific root cert to change is:
CN = Sonera Class2 CA
O = Sonera
C = FI
SHA1 = 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27
Trust Bits that should be on: Websites, Email
Comment 1•13 years ago (Reporter)
Would a representative of TeliaSonera please confirm that the information above is correct?
Comment 2•13 years ago
(In reply to Kathleen Wilson from comment #1)
> Would a representative of TeliaSonera please confirm that the information
> above is correct?
Yes, I confirm that TeliaSonera doesn't issue code signing certificates.
Comment 3•13 years ago
Do we need verification by the CA that trust flags are still appropriate?
If we do:
The test build is available at
http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de-b51f34a5b5c1/
or from
http://kuix.de/mozilla/tryserver-roots-20120604/
(see initial comments in this bug,
and you should make sure that you're using a fresh profile
to make sure you really see the trust bits provided by this build,
not trust settings that you had set manually in an application profile.)
Comment 4•13 years ago (Reporter)
(In reply to Kai Engert (:kaie) from comment #3)
> Do we need verification by the CA that trust flags are still appropriate?
I installed the test build shown above, and reset my cert store as described here:
https://wiki.mozilla.org/CA:UserCertDB#How_To_Restore_Default_Root_Certificate_Settings
In the Authorities list in the Certificate Manager I see the following trust bits are turned on for the Sonera root certs:
Sonera Class1 CA – Email
Sonera Class2 CA – SSL, Email
Therefore, I confirm that the trust bits are set as requested from TeliaSonera.
Pekka, are you OK with my test, or would you like to perform your own test?
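The trust-bit check from comment 4, run against the text listing that NSS's `certutil -L` prints rather than the Certificate Manager dialog. This is an added example, not part of the bug discussion or of NSS; the sample listings and function names are constructed for illustration, and a usage counts as trusted when its flag field contains `C` (trusted CA).

```python
import re

# Column order under certutil's "Trust Attributes" header: SSL, S/MIME, JAR/XPI.
USAGES = ("SSL", "Email", "Code Signing")
ROW = re.compile(r"^(.*\S)\s+([A-Za-z]*),([A-Za-z]*),([A-Za-z]*)\s*$")
# Expected CA trust bits, as listed in comment 4.
EXPECTED = {"Sonera Class1 CA": {"Email"}, "Sonera Class2 CA": {"SSL", "Email"}}
# Constructed sample listings (assumed layout, not captured from a real build).
HEADER = (
    "Certificate Nickname                        Trust Attributes\n"
    "                                            SSL,S/MIME,JAR/XPI\n\n"
)
BEFORE = HEADER + (
    "Builtin Object Token:Sonera Class1 CA       ,C,\n"
    "Builtin Object Token:Sonera Class2 CA       C,C,C\n"
)
AFTER = HEADER + (
    "Builtin Object Token:Sonera Class1 CA       ,C,\n"
    "Builtin Object Token:Sonera Class2 CA       C,C,\n"
)

def parse_trust(listing):
    """Return {nickname: set of usages whose flag field contains 'C'}."""
    trust = {}
    for line in listing.splitlines():
        row = ROW.match(line)
        if not row:
            continue  # header or blank line
        nickname = row.group(1).split(":", 1)[-1]  # drop the token-name prefix
        trust[nickname] = {u for u, f in zip(USAGES, row.groups()[1:]) if "C" in f}
    return trust

def trust_mismatches(listing, expected=EXPECTED):
    """Return {nickname: (unexpected bits, missing bits)} for roots that deviate."""
    actual = parse_trust(listing)
    report = {}
    for nickname, want in expected.items():
        have = actual.get(nickname)
        if have is None:
            report[nickname] = (set(), set(want))  # root absent from the listing
        elif have != want:
            report[nickname] = (have - want, want - have)
    return report

if __name__ == "__main__":
    print("before:", trust_mismatches(BEFORE))
    print("after: ", trust_mismatches(AFTER))
```

An empty result means every listed root carries exactly the expected trust bits; as comment 3 notes, run the check against a fresh profile so manual trust overrides do not mask the built-in values.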
Comment 5•13 years ago (Reporter)
I see that all of the other root changes in bug #757197 have been tested. I think it's fine to go ahead with just my testing for this one, because I have previously confirmed the trust bit settings (per comment #4) several times with the CA.
Thanks,
Kathleen
Comment 6•13 years ago
I haven't been available for some weeks. However, now I confirm that what you did was correct and Comment #4 lists the trust bits for our two CAs correctly. I trust Kathleen's tests are OK.
Updated•13 years ago (Reporter)
Whiteboard: In FF16
Target Milestone: --- → 3.13.6
Updated•13 years ago (Reporter)
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED