Created attachment 659037 [details] mozilla-root-20120906.crt We are getting ready to update the Mozilla CA certificate, which is referenced on www.mozilla.org: https://wiki.mozilla.org/MozillaRootCertificate We'd like to be able to host both the old and new one simultaneously for a while, so that people can still verify certs signed by the old one... at least long enough for us to find them all and get them out of service. Perhaps the existing one could be renamed in some meaningful way (perhaps based on its origination date), and the new one could be put in place in the current location. I don't know where all it's linked to besides that wiki page, so that might be the best solution.
Created attachment 659039 [details] mozilla-root-20120906.crt.md5sum Matching .md5sum file, although the name in the file will be wrong if we rename things.
Jake: Is this what you are thinking? 1) Rename: https://www.mozilla.com/certs/mozilla-root.crt to https://www.mozilla.com/certs/mozilla-root-2007.crt 2) Upload new cert to: https://www.mozilla.com/certs/mozilla-root.crt
Whiteboard: [u=firefox-user c=bedrock p=1] → [u=firefox-user c=bedrock p=1] [Due date: 2012-10-08]
This will need to be in place and live by October 9th for the release of Firefox 16.
(In reply to Chris More [:cmore] from comment #2) > Jake: Is this what you are thinking? > > 1) > Rename: https://www.mozilla.com/certs/mozilla-root.crt to > https://www.mozilla.com/certs/mozilla-root-2007.crt > > 2) > Upload new cert to: https://www.mozilla.com/certs/mozilla-root.crt Yep, that's pretty much it. However, note there is also a mozilla-root.crt.md5sum that should be updated as well. The exact same treatment should suffice.
Also: we have to be done with *our* bugs by Fx16 release. That means this has to be done much sooner, so that we have time to work on them. Specifically, we can't issue new certs signed by this new root cert until the new root cert is published and available for download. So this bug has to go first. A due date of Oct 8 is far too late for us to be able to do that.
Let's talk to Rik on Monday.
Assignee: nobody → anthony
Component: Bedrock → General
And certs updated with r109173. Should be working in a few minutes at: http://www.mozilla.org/certs/mozilla-root.crt http://www.mozilla.org/certs/mozilla-root.crt.md5sum http://www.mozilla.org/certs/mozilla-root-2007.crt http://www.mozilla.org/certs/mozilla-root-2007.crt.md5sum
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
verified fixed http://www.mozilla.org/certs/mozilla-root.crt http://www.mozilla.org/certs/mozilla-root-2007.crt
Status: RESOLVED → VERIFIED
Verified here also... both certs are correct, and the .md5sum files match what I was expecting (and match the crt files too, of course). Many thanks!
You need to log in before you can comment on or make changes to this bug.