new Mozilla Root cert

VERIFIED FIXED in Future

Status

VERIFIED FIXED
6 years ago
6 years ago

People

(Reporter: nmaul, Assigned: rik)

Tracking

unspecified
Future

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [u=firefox-user c=bedrock p=1] [Due date: 2012-10-08], URL)

Attachments

(2 attachments)

(Reporter)

Description

6 years ago
Created attachment 659037 [details]
mozilla-root-20120906.crt

We are getting ready to update the Mozilla CA certificate, which is referenced on www.mozilla.org:

https://wiki.mozilla.org/MozillaRootCertificate

We'd like to be able to host both the old and new one simultaneously for a while, so that people can still verify certs signed by the old one... at least long enough for us to find them all and get them out of service.

Perhaps the existing one could be renamed in some meaningful way (perhaps based on its origination date), and the new one could be put in place in the current location. I don't know where all it's linked to besides that wiki page, so that might be the best solution.
(Reporter)

Comment 1

6 years ago
Created attachment 659039 [details]
mozilla-root-20120906.crt.md5sum

Matching .md5sum file, although the name in the file will be wrong if we rename things.

Updated

6 years ago
Component: Pages & Content → Bedrock

Updated

6 years ago
Target Milestone: --- → Future

Updated

6 years ago
Whiteboard: [u=firefox-user c=bedrock p=1]

Updated

6 years ago
Whiteboard: [u=firefox-user c=bedrock p=1] → [u=firefox-user c=bedrock p=1] [Due date: 2012-10-08]

Comment 3

6 years ago
This will need to be in place and live by October 9th for the release of Firefox 16.
(Reporter)

Comment 4

6 years ago
(In reply to Chris More [:cmore] from comment #2)
> Jake: Is this what you are thinking?
> 
> 1)
> Rename: https://www.mozilla.com/certs/mozilla-root.crt to
> https://www.mozilla.com/certs/mozilla-root-2007.crt
> 
> 2)
> Upload new cert to: https://www.mozilla.com/certs/mozilla-root.crt

Yep, that's pretty much it. However, note there is also a mozilla-root.crt.md5sum that should be updated as well. The exact same treatment should suffice.
(Reporter)

Comment 5

6 years ago
Also: we have to be done with *our* bugs by Fx16 release. That means this has to be done much sooner, so that we have time to work on them.

Specifically, we can't issue new certs signed by this new root cert until the new root cert is published and available for download. So this bug has to go first. A due date of Oct 8 is far too late for us to be able to do that.

Comment 6

6 years ago
Let's talk to Rik on Monday.
(Assignee)

Comment 7

6 years ago
Updated the .htaccess to allow the new URL including 2007 to work. In trunk with r109170, stage with r109171 and prod with r109172.
(Assignee)

Updated

6 years ago
Assignee: nobody → anthony
Component: Bedrock → General
(Assignee)

Comment 8

6 years ago
And certs updated with r109173.

Should be working in a few minutes at:
http://www.mozilla.org/certs/mozilla-root.crt
http://www.mozilla.org/certs/mozilla-root.crt.md5sum
http://www.mozilla.org/certs/mozilla-root-2007.crt
http://www.mozilla.org/certs/mozilla-root-2007.crt.md5sum
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
(Reporter)

Comment 10

6 years ago
Verified here also... both certs are correct, and the .md5sum files match what I was expecting (and match the crt files too, of course).

Many thanks!
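The rename discussed in comment 1 and comment 4 affects the .md5sum companion as well: md5sum records the filename next to the digest, so moving both files without regenerating the sum file leaves `md5sum -c` looking for a name that no longer exists. The script below is an added example, not part of the bug or of Mozilla's tooling. It assumes GNU coreutils `md5sum`; the helper names `naive_rename` and `rename_with_checksum` and the placeholder file contents are constructed for illustration.

```shell
# Added example: keep a cert and its .md5sum companion consistent on rename.
# Assumes GNU coreutils md5sum. Helper names are hypothetical.

# naive_rename DIR OLD NEW
# Moves the cert and its sum file without touching the sum file's contents.
# Returns the status of `md5sum -c`, which is non-zero because the sum file
# still names OLD.
naive_rename() {
    ( cd "$1" || exit 1
      mv -- "$2" "$3" && mv -- "$2.md5sum" "$3.md5sum" || exit 1
      md5sum -c --status "$3.md5sum" 2>/dev/null )
}

# rename_with_checksum DIR OLD NEW
# Verifies OLD against its sum file, moves it, regenerates NEW.md5sum so the
# recorded name matches, and confirms the digest did not change on the way.
rename_with_checksum() {
    ( cd "$1" || exit 1
      md5sum -c --status "$2.md5sum" || exit 2
      before=$(md5sum < "$2" | cut -d' ' -f1)
      mv -- "$2" "$3" || exit 1
      md5sum "$3" > "$3.md5sum" || exit 1
      rm -f -- "$2.md5sum"
      after=$(cut -d' ' -f1 "$3.md5sum")
      [ "$before" = "$after" ] && md5sum -c --status "$3.md5sum" )
}

# Try both on a constructed placeholder file (not a real certificate).
for fn in naive_rename rename_with_checksum; do
    d=$(mktemp -d)
    printf 'constructed placeholder\n' > "$d/mozilla-root.crt"
    ( cd "$d" && md5sum mozilla-root.crt > mozilla-root.crt.md5sum )
    if "$fn" "$d" mozilla-root.crt mozilla-root-2007.crt; then
        echo "$fn: md5sum -c OK"
    else
        echo "$fn: md5sum -c FAILED"
    fi
    rm -rf -- "$d"
done
```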