Closed
Bug 907347
Opened 11 years ago
Closed 7 years ago
Revoked Intermediate Cert info from GlobalSign
Categories
(NSS :: CA Certificates Code, task)
NSS
CA Certificates Code
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: kathleen.a.wilson, Unassigned)
References
Details
As per the recent CA Communication (https://wiki.mozilla.org/CA:Communications#July_30.2C_2013) GlobalSign sent the following information about their revoked intermediate certificates. The oldest 'Partners' CA https://secure.globalsign.net/cacert/Partners.crt is due to expire on the 27th Jan 2014. We revoked 4 certs in July 2012 as a clean up exercise. The CRL for this service is http://crl.globalsign.net/Partners.crl. Serial Number: 04000000000109F8623BEB Revocation Date: Jul 5 18:00:00 2012 GMT Expiry Date was 26th Jan 2014 Serial Number: 0400000000011E1C35BF07 Revocation Date: Jul 5 18:00:00 2012 GMT Expiry Date was 1st Nov 2012 Serial Number: 040000000001085884A7DB Revocation Date: Jul 5 18:00:00 2012 GMT Expiry Date was 27th Jan 2014 Serial Number: 0400000000011764DBF017 Revocation Date: Jul 5 18:00:00 2012 GMT Expiry Date was 26th Jan 2014 A newer RootSign Partners CA https://secure.globalsign.net/cacert/RootSignPartners-R1.crt expires in 2028 (Originally also 2014 https://secure.globalsign.net/cacert/RootSignPartners.crt but boosted to 2028 in 2008) and therefore we still have partners using. We have revoked in the past and we will continue to revoke in the future certificates owned by customers who have moved across to the latest Name Constraints based service we created in 2012. The CRL for this service is http://crl.globalsign.net/RootSignPartners.crl. Serial Number: 040000000001094550F4DA Revocation Date: Jan 3 06:00:00 2013 GMT Expiry Date was 7th Feb 2013 Serial Number: 04000000000100FA6E561D Revocation Date: Dec 8 06:00:00 2011 GMT Expiry Date was 4th Dec 2013 Serial Number: 040000000001047628205B Revocation Date: Dec 8 06:00:00 2011 GMT Expiry Date was 13th Jun 2012 Serial Number: 0400000000011E4487952A Revocation Date: Jul 8 06:00:00 2013 GMT Expiry Date was 17th Dec 2018 Serial Number: 04000000000100998F8DF4 Revocation Date: Jul 5 18:00:00 2012 GMT Expiry Date was 3rd Dec 2013 Serial Number: 040000000000F97FC62329 Revocation Date: Dec 8 06:00:00 2011 GMT Expiry Date was 16th Dec 2013 Serial Number: 04000000000118C1B41A6C Revocation Date: Jul 8 06:00:00 2013 GMT Expiry Date was 18th Mar 2018 Serial Number: 04000000000118C1A37ED6 Revocation Date: Jul 8 06:00:00 2013 GMT Expiry Date was 18th Mar 2018 Serial Number: 04000000000127FB9F420F Revocation Date: Jul 8 06:00:00 2013 GMT Expiry Date was 25th Nov 2019 Serial Number: 0400000000012945C3AB1C Revocation Date: Jul 8 06:00:00 2013 GMT Expiry Date was 17th Jun 2020 Serial Number: 0400000000011C944A3290 Revocation Date: Jul 5 18:00:00 2012 GMT Expiry Date was 24th Sep 2018 Serial Number: 0400000000012596C45382 Revocation Date: Jul 8 06:00:00 2013 GMT Expiry Date was 16th Dec 2019 Serial Number: 0400000000011C944A3669 Revocation Date: Jul 8 06:00:00 2013 GMT Expiry Date was 24th Sep 2018 Serial Number: 04000000000103F037E445 Revocation Date: Dec 8 06:00:00 2011 GMT Expiry Date was 18th May 2012 The final service is the newest and it's called Trusted Root http://secure.globalsign.com/cacert/trustrootg2.crt. It has a CRL http://crl.globalsign.com/gs/trustrootg2.crl but has no revoked certificates. GlobalSign has not revoked any issuing certificates from our own infrastructure.
Comment 1•10 years ago
|
||
Apologies for updating this bug later than planned. GlobalSign revoked the following certificates on the 4th March from the Trusted Root CA. ie http://secure.globalsign.com/cacert/trustrootg2.crt. It has a CRL http://crl.globalsign.com/gs/trustrootg2.crl Serial Number: 39804a831107a56ffc5c6006025bc9c8c0 Revocation Date: Mar 4 01:00:00 2014 GMT Expiry Date was 11th Oct 2016 Serial Number: 7bf7c87e0d838f6b64608595bb6afcd827 Revocation Date: Mar 4 01:00:00 2014 GMT Expiry Date was 19th March 2018 Serial Number: 61124d7cca1cd76229996f849e9bf73dda Revocation Date: Mar 4 01:00:00 2014 GMT Expiry Date was 30th April 2018 Serial Number: 515f5a68378d44db50b978d1624e129218 Revocation Date: Mar 4 01:00:00 2014 GMT Expiry Date was 18th April 2018 GlobalSign has also started to issue SHA256 based certificates from the Trusted Root SHA256 CA created at the same time as the SHA1 CA in April 2014. The CA is http://secure.globalsign.com/cacert/trustrootsha2g2.crt It has a CRL http://crl.globalsign.com/gs/trustrootsha2g2.crl but has no revoked certificates. Both Trusted Root and Trusted Root SHA256 implement non critical Name Constraints on all CAs they issue. Remaining RootSign Partner CAs are all in revocation mode only and will be revoked periodically over the next 18 months as certificates they issued naturally expire.
Comment 2•10 years ago
|
||
GlobalSign has been working hard to move many customers over to either a disclosed and audited model or technical constraints. As such we have performed a revocation ceremony in May (earlier than our usual July/Jan ceremonies to aid compliance to Mozilla's May 30th deadlines) i.e. to clear some of the remaining CA's that have moved from CRL only mode to End of Life. http://crl.globalsign.net/RootSignPartners.crl has been updated. Serial Number: 0400000000011e44878f3f Revocation Date: May 14th 07:00:00 2014 GMT Expiry Date was 17th Dec 2018 Serial Number: 04000000000127fb9f45d8 Revocation Date: May 14th 07:00:00 2014 GMT Expiry Date was 14th April 2020 Serial Number: 0400000000012ccffbaa39 Revocation Date: May 14th 07:00:00 2014 GMT Expiry Date was 10th Dec 2020 Serial Number: 04000000000132b4bbb768 Revocation Date: May 14th 07:00:00 2014 GMT Expiry Date was 29th Sept 2021 The next scheduled revocation ceremony to update this bug will be September 2014
Comment 3•10 years ago
|
||
We shall continue to present revocation information here as it's a useful repository for other root programs. GlobalSign has performed the following CA based revocations in August and September. http://crl.globalsign.com/gs/trustrootg2.crl has been updated. Serial Number: 00b0f35c09213d3648378f2e48375c5ed9 Revocation Date: 3rd September 2014 01:00:00 2014 GMT Expiry Date was 30th April 2018 Serial Number: 17b3c08f0da4d1d4d7e5eb1c3e7c95381a Revocation Date: 3rd September 2014 01:00:00 2014 GMT Expiry Date was 28th November 2018 Serial Number: 514dc03f548cc66ca1045abb31115999fd Revocation Date: 3rd September 2014 01:00:00 2014 GMT Expiry Date was 13th October 2019 http://crl.globalsign.net/RootSignPartners.crl has been updated. Serial Number: 0400000000012507408e29 Revocation Date: 3rd September 2014 01:00:00 2014 GMT Expiry Date was 18th Nov 2019 Serial Number: 040000000001331bc2f5b9 Revocation Date: 3rd September 2014 01:00:00 2014 GMT Expiry Date was 19th October 2021 http://crl.globalsign.net/PrimObject.crl has been updated to close down two operational CAs that have ceased to issue certificates. Serial Number: 0400000000011e44a5ecbe Revocation Date: 26th August 2014 07:00:00 2014 GMT Expiry Date was 27 January 2017 Serial Number: 0400000000011e44a5ecbe Revocation Date: 26th August 2014 07:00:00 2014 GMT Expiry Date was 27 January 2017
Comment 4•9 years ago
|
||
http://crl.globalsign.net/RootSignPartners.crl has been updated. Serial Number: 040000000001281fce1aa2 Revocation Date: 4th January 06:00:00 2015 GMT Expiry Date was 21th April 2020
Updated•9 years ago
|
Comment 5•9 years ago
|
||
Over the last 2 quarters GlobalSign has been doing some administration work on our subordinate CAs. These should have been added in November 2014, but the update to this bug was missed. The revocations performed in November, as well as adding to the ones list previously, focused on revoking CA's by the roots (not previously done) which had been deprecated for some time (in terms of the CA's that we offer to customers in PKCS#7 chains when subscribers purchase certificates) and decommissioning of older CAs which supported technology such as SGC. None of these were 'critical', however as Mozilla is now actively including revoked CA's (via https://bugzilla.mozilla.org/show_bug.cgi?id=1155145) then here are the additional CRLs which need to be included. http://crl.globalsign.net/root.crl contains 4 entries. Serial Number: 0400000000011e44a5e404 Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 27 January 2022 Serial Number: 0400000000012945c3a80f Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 17 June 2020 Serial Number: 0400000000012019c18d68 Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 27 January 2017 Serial Number: 0400000000012c5e7f1a88 Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 28 January 2028 http://crl.globalsign.net/root-r2.crl contains 4 entries. Serial Number: 040000000001220d3c0f75 Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 15 December 2021 Serial Number: 040000000001220d3c14c5 Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 15 December 2021 Serial Number: 040000000001100b8ca11b Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 15 December 2021 Serial Number: 04000000000127fbf76700 Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 15 December 2021 http://crl.globalsign.net/root-r3.crl contains 3 entries. Serial Number: 0400000000013189c646ec Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 2 August 2022 Serial Number: 04000000000125071040dd Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 18 March 2019 Serial Number: 04000000000125071044d5 Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 18 March 2019 http://crl.globalsign.com/gs/trustrootg2.crl was also updated with 5 entries. Serial Number: 6c03ab29232c980d0c2c9c80279051b143 Revocation Date: Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 16 July 2018 Serial Number: 0c093d872f038474a8f9a41eb6f3c1fdf6 Revocation Date: Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 18 April 2018 Serial Number: 3b64bdf65554c44acb4a4e7a1af591bfe1 Revocation Date: Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 28 November 2018 Serial Number: 17b3c08f0da4d1d4d7e5eb1c3e7c95381a Revocation Date: Revocation Date: 25th November 2014 01:00:00 GMT Expiry Datewas 28 November 2018 Serial Number: 32ad0fea8d371439340766e727e9983c6a Revocation Date: Revocation Date: 25th November 2014 01:00:00 GMT Expiry Date was 13 December 2017
Comment 6•9 years ago
|
||
http://crl.globalsign.net/RootSignPartners.crl has been updated with Serial Number: 0400000000011e4487922d Revocation Date: 4th July 06:00:00 2015 GMT Expiry Date was 17th December 2018 This revocation is not compromises, this is to ensure the hierarchy remains clean as we've closed down old products which no longer issue.
Comment 7•8 years ago
|
||
A final long life CRL of http://crl.globalsign.net/RootSignPartners.crl has been updated with the 3 below additional revocations, serial number: 04000000000116aa006682 revocation date: Mon Jan 04 06:00:00 GMT 2016 Expiry Date was 5th December 2017 serial number: 04000000000133a777674b revocation date: Mon Jan 04 06:00:00 GMT 2016 Expiry Date was 15th November 2016 serial number: 0400000000012c5e7f1d76 revocation date: Mon Jan 04 06:00:00 GMT 2016 Expiry Date was 18th November 2020 These revocations are not compromises, thy are to ensure the hierarchy remains clean as we've closed down old products which no longer issue.
Comment 8•8 years ago
|
||
After 4th Jan 2016, there will be no active CAs running under RootSignPartners CA. To mitigate potential risks, we revoked RootSignPartners CA on 7th Jan 2016 from its issuer Root R1. So now http://crl.globalsign.net/root.crl contains 1 more entry (in total 5 entries now), Serial Number: 040000000001154b5ac5a7 Revocation Date: 7th January 2016 00:00:00 GMT Expiry Date was 28th January 2028 As such, the following 3 non-expired but deprecated certificates are also effectively revoked, Serial Number: 040000000001163e9ea34b Effective Revocation Date: 7th January 2016 00:00:00 GMT Expiry Date was 06th August 2022 Serial Number: 04000000000127fb9f4962 Effective Revocation Date: 7th January 2016 00:00:00 GMT Expiry Date was 14th April 2020 Serial Number: 040000000001325855d4a2 Effective Revocation Date: 7th January 2016 00:00:00 GMT Expiry Date was 27th September 2021 All the above (effective) revocations are not compromises, they are to ensure the hierarchy remains clean as we've closed down old products which no longer issue.
Comment 9•8 years ago
|
||
http://crl.globalsign.com/gs/trustrootg2.crl was also updated with 1 entries, Serial Number: 195284f98010af6326bb38bc514d056df8 Revocation Date: Wednesday, May 18, 2016 00:00:00 AM GMT Expiry Date was 28 May 2019 This revocation is not compromises, it is to ensure the hierarchy remains clean as we've closed down old products which no longer issue.
Reporter | ||
Comment 10•8 years ago
|
||
All of the non-expired revoked intermediate certificate listed in the Description have been added to OneCRL.
Reporter | ||
Comment 11•8 years ago
|
||
I will check back on the remaining non-expired revoked intermediate certificates listed in this bug when we have finished adding all of the revoked intermediate certificates in Salesforce to OneCRL.
Reporter | ||
Comment 12•7 years ago
|
||
(In reply to Steve Roylance from comment #1) > Apologies for updating this bug later than planned. GlobalSign revoked the > following certificates on the 4th March from the Trusted Root CA. ie > http://secure.globalsign.com/cacert/trustrootg2.crt. It has a CRL > http://crl.globalsign.com/gs/trustrootg2.crl > > Serial Number: 39804a831107a56ffc5c6006025bc9c8c0 Revocation Date: Mar 4 > 01:00:00 2014 Added to OneCRL > Serial Number: 7bf7c87e0d838f6b64608595bb6afcd827 Revocation Date: Mar 4 > 01:00:00 2014 Not found in CCADB. > Serial Number: 61124d7cca1cd76229996f849e9bf73dda Revocation Date: Mar 4 > 01:00:00 2014 Not found in CCADB. > Serial Number: 515f5a68378d44db50b978d1624e129218 Revocation Date: Mar 4 > 01:00:00 2014 Not found in CCADB.
Comment 13•7 years ago
|
||
(In reply to Kathleen Wilson from comment #12) > (In reply to Steve Roylance from comment #1) > > Apologies for updating this bug later than planned. GlobalSign revoked the > > following certificates on the 4th March from the Trusted Root CA. ie > > http://secure.globalsign.com/cacert/trustrootg2.crt. It has a CRL > > http://crl.globalsign.com/gs/trustrootg2.crl > > > > Serial Number: 39804a831107a56ffc5c6006025bc9c8c0 Revocation Date: Mar 4 > > 01:00:00 2014 > > Added to OneCRL > > > Serial Number: 7bf7c87e0d838f6b64608595bb6afcd827 Revocation Date: Mar 4 > > 01:00:00 2014 > > Not found in CCADB. This one has EKUs and NCs, considered as technically constrained, so it is not disclosed in Salesforce. Below is its pem, -----BEGIN CERTIFICATE----- MIIGljCCBX6gAwIBAgIRe/fIfg2Dj2tkYIWVu2r82CcwDQYJKoZIhvcNAQEFBQAw XDELMAkGA1UEBhMCQkUxFTATBgNVBAsTDFRydXN0ZWQgUm9vdDEZMBcGA1UEChMQ R2xvYmFsU2lnbiBudi1zYTEbMBkGA1UEAxMSVHJ1c3RlZCBSb290IENBIEcyMB4X DTEzMDMxOTAwMDAwMFoXDTE4MDMxOTAwMDAwMFowfTELMAkGA1UEBhMCVVMxGTAX BgNVBAoTEEFUVCBTZXJ2aWNlcyBJbmMxGzAZBgNVBAsTEkFUVCBXaS1GaSBTZXJ2 aWNlczE2MDQGA1UEAxMtQVRUIFdpLUZpIFNlcnZpY2VzIFJvb3QgQ2VydGlmaWNh dGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkz0T VUrWsop/D05aA7XEWifAcN70J97EPYiMGB81Lk3/LeOFWXQwYLBVqFiSETezQco+ D+72dYZCx2lGIA1X9/A/D3Xo1DdQs6bPLKFstQQ6o0E/tEh1RUoyd0fzvBQ9pVHh kOjvx94kZ3+0dlJx8lERO9NMvos6ybmlb17JVy021/mCv+zr7MjBzVi66YcyvtDX JU0AqO/lcNLXSe3y85gXZGeqJNNkHG4RwzB3DWoEcP+USGWoglnh3jCYujcbhAw1 tAPtWsNP8D4LpHJfex7nkssVIA6D0q+EYhiWFI85nRqMGfaSRab1semGd3ULyyNG rXC+tzOCf8casNl4eQIDAQABo4IDMDCCAywwDgYDVR0PAQH/BAQDAgEGMIHfBgNV HSAEgdcwgdQwQQYJKwYBBAGgMgE8MDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3 Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMIGOBgsrBgEEAaNIg30BATB/MC8G CCsGAQUFBwIBFiNodHRwOi8vY3JsLnBraS53YXlwb3J0Lm5ldC9jcHMuaHRtbDBM BggrBgEFBQcCAjBADD5Db3B5cmlnaHQgKGMpIDIwMTEtMjAxMyBBVFQgV2ktRmkg U2VydmljZXMgQWxsIFJpZ2h0cyBSZXNlcnZlZDASBgNVHRMBAf8ECDAGAQH/AgEB MIH0BgNVHR4EgewwgemggbQwDYILd2F5cG9ydC5uZXQwDYILYXR0d2lmaS5jb20w EIIOc3VwZXJjbGljay5uZXQwEIIOc3VwZXJjbGljay5jb20wDYELd2F5cG9ydC5u ZXQwDYELYXR0d2lmaS5jb20wEIEOc3VwZXJjbGljay5uZXQwEIEOc3VwZXJjbGlj ay5jb20wLqQsMCoxCzAJBgNVBAYTAlVTMRswGQYDVQQKExJBVFQgV2ktRmkgU2Vy dmljZXOhMDAKhwgAAAAAAAAAADAihyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAADAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJ MD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3Mv dHJ1c3Ryb290ZzIuY3JsMIGEBggrBgEFBQcBAQR4MHYwMwYIKwYBBQUHMAGGJ2h0 dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS90cnVzdHJvb3RnMjA/BggrBgEFBQcw AoYzaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvdHJ1c3Ryb290 ZzIuY3J0MB0GA1UdDgQWBBTPSQPfu4RwQK2N9aJ7NUYFRR6u5zAfBgNVHSMEGDAW gBQU9uWLMbZFgEpMbfzCh4nKNsOQYjANBgkqhkiG9w0BAQUFAAOCAQEAo+tBgmdj 7JurkQ9FDgVbdwujJvQBi0ZJaxfv2Ml1X6Nc67cA8MJNybWlo1c1i79uewAR9/5o jNgF/DRRUY5IgI/gZbvVh5zo6EAJ810cwYcax2XtMUH8txrh4q5tkQGREv/FWH/X aIutE3E2ZS9j9X3WOl3Sl/pVv17jf7u4P/7281LHo7mb7WNkUjUxdl24oLTlGsRZ +74MyNVfWiiT6B2U/DbDjiz1/35J5tMdMrrpr3rCPgmZVLP9QW2y3n6w2Me0DPLm zn0qFDGyf1FwE8mH4TBJfyTZE9dZik4Elr3LOiMe4beSphIm71/JYHFYOHgUeB2h W1tbdVLT+jy/2Q== -----END CERTIFICATE----- > > > Serial Number: 61124d7cca1cd76229996f849e9bf73dda Revocation Date: Mar 4 > > 01:00:00 2014 > > Not found in CCADB. This one has EKUs and NCs, considered as technically constrained, so it is not disclosed in Salesforce. Below is its pem, -----BEGIN CERTIFICATE----- MIIIvTCCB6WgAwIBAgIRYRJNfMoc12IpmW+Enpv3PdowDQYJKoZIhvcNAQELBQAw XDELMAkGA1UEBhMCQkUxFTATBgNVBAsTDFRydXN0ZWQgUm9vdDEZMBcGA1UEChMQ R2xvYmFsU2lnbiBudi1zYTEbMBkGA1UEAxMSVHJ1c3RlZCBSb290IENBIEcyMB4X DTEzMDQzMDAwMDAwMFoXDTE4MDQzMDAwMDAwMFowYDELMAkGA1UEBhMCVVMxEDAO BgNVBAgTB0Zsb3JpZGExETAPBgNVBAoTCFFwYXkgSW5jMSwwKgYDVQQDEyNRcGF5 IEluYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAIjXI4zU8C+HEnUokXudqZfoRyEoPdQ02ptrcoF1jSQS mC/heYnXNy7MCewVCut+/DEVZ+Zlzrgn/YIJGKnvZZQvnxdtFiHyK/aUrCsk5sgh m53MQCkJzQnmN154jh73nlQIf5ea0mS3Bqxa+mf1Y7WWFJtpYhEu8RqZWluhOO4e OqO5zYkZCqBm221wMPxzDsaRx/lhhUbNJKzm5AoUFlXOpufZ+L5bv6nGXkr5fhZa KciEHIHsvhHtS9qIig83+pj9fU7yrF7oFup0g6gnbbpRzf3BNVYlo4QWD3ug7beG I1pSKXhcCZjy/Nv3NiWC/hkDzzwWWQtO73EV6eBgwQMCAwEAAaOCBXQwggVwMA4G A1UdDwEB/wQEAwIBBjCBzQYDVR0gBIHFMIHCMEIGCisGAQQBoDIBPAEwNDAyBggr BgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8w fAYMKwYBBAGCwXmDfQEBMGwwKwYIKwYBBQUHAgEWH2h0dHA6Ly9wa2kucXBheTEy My5jb20vY3BzLmh0bWwwPQYIKwYBBQUHAgIwMQwvQ29weXJpZ2h0IChjKSAyMDEz IFFwYXkgSW5jIEFsbCBSaWdodHMgUmVzZXJ2ZWQwEgYDVR0TAQH/BAgwBgEB/wIB ATCCA0kGA1UdHgSCA0AwggM8oIIDBjANggtxcGF5MTIzLmNvbTANggtxcGF5bmV0 LmNvbTANggtxcGF5MTIzLmJpejAPgg1teXN0YXIxMjMuY29tMAyCCnFwYXliaS5j b20wEIIOcXBheXJlcG9ydC5jb20wE4IRcXBheXJlcG9ydGluZy5jb20wDYILcXBh eWNzZS5jb20wD4INY3NlcmVwb3J0LmNvbTATghFtaWVzdHJlbGxhMTIzLmNvbTAT ghFtaWVzdHJlbGxhMTIzLm5ldDAVghNzaW5saW1pdGVtZXhpY28uY29tMBWCE3Bv bGFuZHVubGltaXRlZC5jb20wDoEMLnFwYXkxMjMuY29tMA2BC3FwYXkxMjMuY29t MA6BDC5xcGF5bmV0LmNvbTANgQtxcGF5bmV0LmNvbTAOgQwucXBheTEyMy5iaXow DYELcXBheTEyMy5iaXowEIEOLm15c3RhcjEyMy5jb20wD4ENbXlzdGFyMTIzLmNv bTANgQsucXBheWJpLmNvbTAMgQpxcGF5YmkuY29tMBGBDy5xcGF5cmVwb3J0LmNv bTAQgQ5xcGF5cmVwb3J0LmNvbTAUgRIucXBheXJlcG9ydGluZy5jb20wE4ERcXBh eXJlcG9ydGluZy5jb20wDoEMLnFwYXljc2UuY29tMA2BC3FwYXljc2UuY29tMBCB Di5jc2VyZXBvcnQuY29tMA+BDWNzZXJlcG9ydC5jb20wFIESLm1pZXN0cmVsbGEx MjMuY29tMBOBEW1pZXN0cmVsbGExMjMuY29tMBSBEi5taWVzdHJlbGxhMTIzLm5l dDATgRFtaWVzdHJlbGxhMTIzLm5ldDAWgRQuc2lubGltaXRlbWV4aWNvLmNvbTAV gRNzaW5saW1pdGVtZXhpY28uY29tMBaBFC5wb2xhbmR1bmxpbWl0ZWQuY29tMBWB E3BvbGFuZHVubGltaXRlZC5jb20wNqQ0MDIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI EwdGbG9yaWRhMREwDwYDVQQKEwhRcGF5IEluY6EwMAqHCAAAAAAAAAAAMCKHIAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCcGA1UdJQQgMB4GCCsGAQUF BwMBBggrBgEFBQcDAgYIKwYBBQUHAwQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDov L2NybC5nbG9iYWxzaWduLmNvbS9ncy90cnVzdHJvb3RnMi5jcmwwgYQGCCsGAQUF BwEBBHgwdjAzBggrBgEFBQcwAYYnaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29t L3RydXN0cm9vdGcyMD8GCCsGAQUFBzAChjNodHRwOi8vc2VjdXJlLmdsb2JhbHNp Z24uY29tL2NhY2VydC90cnVzdHJvb3RnMi5jcnQwHQYDVR0OBBYEFJ43CHCoezjR TkNP/TfwuEVPDL9bMB8GA1UdIwQYMBaAFBT25YsxtkWASkxt/MKHico2w5BiMA0G CSqGSIb3DQEBCwUAA4IBAQCKMkM+/21vaDolM+9KHgaaovhe/5ZU/dXU77KYDU+w +azktNRgL/gaujtFnOVtNhbMUlM8gBCq6pXU6Qq4CcrS+UWnELMGvXiwzbKM8Y7y LtswUyTqo9RQdt5+GGMgw8ShX+2WKsq21mwlwXo2TxL/SNO6Rsid/Eub2XBT9qRo grOzQdsKquIzx2b85ywiDEXWBtXSGlevtSdF2ptbx3zlf+Jv8Q9ZvpmCyIudt5nb WkcwOnXGiJlceedQpPmEnEh4UG5uPwyI7MuFIfcraZ+LE4rtIUKjMHMKIbe/uM9r ODMj/4NhfGQVIUbZdUg4mgso9Lv4LW4uverb12GyRXfi -----END CERTIFICATE----- > > > > Serial Number: 515f5a68378d44db50b978d1624e129218 Revocation Date: Mar 4 > > 01:00:00 2014 > > Not found in CCADB. This one has EKUs and NCs, considered as technically constrained, so it is not disclosed in Salesforce. Below is its pem, -----BEGIN CERTIFICATE----- MIIIxzCCB6+gAwIBAgIRUV9aaDeNRNtQuXjRYk4SkhgwDQYJKoZIhvcNAQELBQAw XDELMAkGA1UEBhMCQkUxFTATBgNVBAsTDFRydXN0ZWQgUm9vdDEZMBcGA1UEChMQ R2xvYmFsU2lnbiBudi1zYTEbMBkGA1UEAxMSVHJ1c3RlZCBSb290IENBIEcyMB4X DTEzMDQxODAwMDAwMFoXDTE4MDQxODAwMDAwMFowYDELMAkGA1UEBhMCVVMxEDAO BgNVBAgTB0Zsb3JpZGExETAPBgNVBAoTCFFwYXkgSW5jMSwwKgYDVQQDEyNRcGF5 IEluYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAIjXI4zU8C+HEnUokXudqZfoRyEoPdQ02ptrcoF1jSQS mC/heYnXNy7MCewVCut+/DEVZ+Zlzrgn/YIJGKnvZZQvnxdtFiHyK/aUrCsk5sgh m53MQCkJzQnmN154jh73nlQIf5ea0mS3Bqxa+mf1Y7WWFJtpYhEu8RqZWluhOO4e OqO5zYkZCqBm221wMPxzDsaRx/lhhUbNJKzm5AoUFlXOpufZ+L5bv6nGXkr5fhZa KciEHIHsvhHtS9qIig83+pj9fU7yrF7oFup0g6gnbbpRzf3BNVYlo4QWD3ug7beG I1pSKXhcCZjy/Nv3NiWC/hkDzzwWWQtO73EV6eBgwQMCAwEAAaOCBX4wggV6MA4G A1UdDwEB/wQEAwIBBjCBzQYDVR0gBIHFMIHCMEIGCisGAQQBoDIBPAEwNDAyBggr BgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8w fAYMKwYBBAGCwXmDfQEBMGwwKwYIKwYBBQUHAgEWH2h0dHA6Ly9wa2kucXBheTEy My5jb20vY3BzLmh0bWwwPQYIKwYBBQUHAgIwMQwvQ29weXJpZ2h0IChjKSAyMDEz IFFwYXkgSW5jIEFsbCBSaWdodHMgUmVzZXJ2ZWQwEgYDVR0TAQH/BAgwBgEB/wIB ATCCA0kGA1UdHgSCA0AwggM8oIIDBjANggtxcGF5MTIzLmNvbTANggtxcGF5bmV0 LmNvbTANggtxcGF5MTIzLmJpejAPgg1teXN0YXIxMjMuY29tMAyCCnFwYXliaS5j b20wEIIOcXBheXJlcG9ydC5jb20wE4IRcXBheXJlcG9ydGluZy5jb20wDYILcXBh eWNzZS5jb20wD4INY3NlcmVwb3J0LmNvbTATghFtaWVzdHJlbGxhMTIzLmNvbTAT ghFtaWVzdHJlbGxhMTIzLm5ldDAVghNzaW5saW1pdGVtZXhpY28uY29tMBWCE3Bv bGFuZHVubGltaXRlZC5jb20wDoEMLnFwYXkxMjMuY29tMA2BC3FwYXkxMjMuY29t MA6BDC5xcGF5bmV0LmNvbTANgQtxcGF5bmV0LmNvbTAOgQwucXBheTEyMy5iaXow DYELcXBheTEyMy5iaXowEIEOLm15c3RhcjEyMy5jb20wD4ENbXlzdGFyMTIzLmNv bTANgQsucXBheWJpLmNvbTAMgQpxcGF5YmkuY29tMBGBDy5xcGF5cmVwb3J0LmNv bTAQgQ5xcGF5cmVwb3J0LmNvbTAUgRIucXBheXJlcG9ydGluZy5jb20wE4ERcXBh eXJlcG9ydGluZy5jb20wDoEMLnFwYXljc2UuY29tMA2BC3FwYXljc2UuY29tMBCB Di5jc2VyZXBvcnQuY29tMA+BDWNzZXJlcG9ydC5jb20wFIESLm1pZXN0cmVsbGEx MjMuY29tMBOBEW1pZXN0cmVsbGExMjMuY29tMBSBEi5taWVzdHJlbGxhMTIzLm5l dDATgRFtaWVzdHJlbGxhMTIzLm5ldDAWgRQuc2lubGltaXRlbWV4aWNvLmNvbTAV gRNzaW5saW1pdGVtZXhpY28uY29tMBaBFC5wb2xhbmR1bmxpbWl0ZWQuY29tMBWB E3BvbGFuZHVubGltaXRlZC5jb20wNqQ0MDIxCzAJBgNVBAYTAlVTMRAwDgYDVQQH EwdGbG9yaWRhMREwDwYDVQQKEwhRcGF5IEluY6EwMAqHCAAAAAAAAAAAMCKHIAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDEGA1UdJQQqMCgGCCsGAQUF BwMBBggrBgEFBQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMJMD0GA1UdHwQ2MDQwMqAw oC6GLGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvdHJ1c3Ryb290ZzIuY3Js MIGEBggrBgEFBQcBAQR4MHYwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9vY3NwMi5nbG9i YWxzaWduLmNvbS90cnVzdHJvb3RnMjA/BggrBgEFBQcwAoYzaHR0cDovL3NlY3Vy ZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvdHJ1c3Ryb290ZzIuY3J0MB0GA1UdDgQW BBSeNwhwqHs40U5DT/038LhFTwy/WzAfBgNVHSMEGDAWgBQU9uWLMbZFgEpMbfzC h4nKNsOQYjANBgkqhkiG9w0BAQsFAAOCAQEAVc8sZOALHEbvqBNHBnrJGBtHVZ0m LGpswWYd57z1QQ/X7/XNspIKLkLRmOExK4E2UeZG2Alg80Tue+hVzW79gnXE0y23 BPV0qxyBUAZJ8RCL+w67DNxEx+n2KfkaASzi+La3WaeRA+2aDvJyEJC3dB8/VyN7 JKgnGU3TbceoGewwLJ/dJrhowWTzVr35BfzQtg5wo/oscm6cGI7Mm/wkA6a+l4Ki AdRsZpNYHtWw99YFBpYKEY1jl9JbI8060deZV9RCKsEqXnEDxry+V1lJVujEBshk PlK7tVuPw4XGCafUSS9OFXk3ri/u5AttIKz2ffHMT1lzqL2JvwsA5Unk/g== -----END CERTIFICATE----- Please review again. If needed, we can added these into the Salesforce system. Thank you.
Comment 14•7 years ago
|
||
http://crl.globalsign.com/gs/trustrootg2.crl was updated with 3 entries added, Serial Number: 4c b8 42 c7 97 2d 74 71 2d 92 b5 ee ab 95 99 d5 44 Revocation Date: 07 Jan 2017 00:00 UTC Expiry Date: 04 March 2019 00:00:00 UTC Serial Number: 22 aa 72 7f f6 28 1a 0b c7 73 c1 e2 0c 0c 40 23 ca Revocation Date: 07 Jan 2017 00:00 UTC Expiry Date: 13 December 2017 00:00:00 UTC Serial Number: 5c d7 d8 96 ba d5 c9 77 11 bc 14 cf 0e d3 5f 20 62 Revocation Date: 07 Jan 2017 00:00 UTC Expiry Date: 30 May 2018 00:00:00 UTC These 3 revocations are not compromises, they are to ensure the hierarchy remains clean as we've closed down old products which no longer issue. All these 3 have EKUs and NCs, are considered technically constrained.
Comment 15•7 years ago
|
||
http://crl.globalsign.com/gs/trustrootsha2g2.crl was updated with 1 entry added, Serial Number: 46 22 88 90 62 9f 09 93 54 4e ef 86 30 30 Revocation Date: 07 Jan 2017 00:00 UTC Expiry Date: February 25, 2020 00:00:00 UTC This revocation is not compromises, it is to ensure the hierarchy remains clean as we've closed down old products which no longer issue. It has EKUs and NCs, is considered technically constrained.
Comment 16•7 years ago
|
||
http://crl.globalsign.com/gs/root-r4.crl was updated with 3 entries added, Serial Number: 1f 07 b1 82 7f d9 08 98 9c 64 f7 2c 23 22 3c cf 14 Revocation Date: 07 Jan 2017 00:00 UTC Expiry Date: 13 November 2023 01:00:00 UTC Serial Number: 46 74 37 76 0e 4a 74 36 6c d2 7c 85 66 4e Revocation Date: 07 Jan 2017 00:00 UTC Expiry Date: April 30, 2025 00:00:00 UTC Serial Number: 46 74 37 75 8a 2f c2 f0 74 0f 9a b6 60 66 Revocation Date: 07 Jan 2017 00:00 UTC Expiry Date: April 30, 2025 00:00:00 UTC These 3 revocations are not compromises, they are to ensure the hierarchy remains clean as we've closed down old products which no longer issue. These 3 were disclosed in the Salesforce system, and their status have been updated with revoked status.
Reporter | ||
Comment 17•7 years ago
|
||
(In reply to GlobalSign from comment #16) > http://crl.globalsign.com/gs/root-r4.crl was updated with 3 entries added, > > Serial Number: 1f 07 b1 82 7f d9 08 98 9c 64 f7 2c 23 22 3c cf 14 > Revocation Date: 07 Jan 2017 00:00 UTC > Expiry Date: 13 November 2023 01:00:00 UTC > > Serial Number: 46 74 37 76 0e 4a 74 36 6c d2 7c 85 66 4e > Revocation Date: 07 Jan 2017 00:00 UTC > Expiry Date: April 30, 2025 00:00:00 UTC > > Serial Number: 46 74 37 75 8a 2f c2 f0 74 0f 9a b6 60 66 > Revocation Date: 07 Jan 2017 00:00 UTC > Expiry Date: April 30, 2025 00:00:00 UTC > > These 3 revocations are not compromises, they are to ensure the hierarchy > remains clean as we've closed down old products which no longer issue. These > 3 were disclosed in the Salesforce system, and their status have been > updated with revoked status. These have been added to OneCRL.
Reporter | ||
Comment 18•7 years ago
|
||
To my knowledge, all of the non-expired, non-technically-constrained revoked intermediate certs listed in this bug have been added to OneCRL. All future revocations of intermediate certs should be reported as described here: https://wiki.mozilla.org/CA:SalesforceCommunity#Add_Revoked_Intermediate_Certificate_Data_to_Salesforce Thank you for your patience and diligence.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•