Closed
Bug 919480
Opened 11 years ago
Closed 10 years ago
Remove Expired Firmaprofesional Root Certificate from NSS
Categories
(NSS :: CA Certificates Code, task)
NSS
CA Certificates Code
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: frank.lichtenheld, Unassigned)
References
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 Iceweasel/23.0 (Beta/Release) Build ID: 20130807033622 Steps to reproduce: Checked the expiry dates of CAs shipped by Mozilla Actual results: There is one Root CA "Certificate "Firmaprofesional Root CA"" which expires in about a month. It seems to this CA was updated in #601718 but under a different name "Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"" (which is also the CN of the older CA). Expected results: The obsolete CA should probably not be shipped anymore.
Comment 1•11 years ago
|
||
Kathleen, I also got report about this expired root through another channel. Can we remove it in the next batch?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 2•11 years ago
|
||
# # Certificate "Firmaprofesional Root CA" # # Issuer: E=ca@firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES # Serial Number: 1 (0x1) # Subject: E=ca@firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES # Not Valid Before: Wed Oct 24 22:00:00 2001 # Not Valid After : Thu Oct 24 22:00:00 2013 # Fingerprint (MD5): 11:92:79:40:3C:B1:83:40:E5:AB:66:4A:67:92:80:DF # Fingerprint (SHA1): A9:62:8F:4B:98:A9:1B:48:35:BA:D2:C1:46:32:86:BB:66:64:6A:8C
Comment 3•11 years ago
|
||
Yes, I will add this bug to my list for the next batch of root changes. I'll send you the list in email. CC'ing Chema on this bug, because he is the point-of-contact for Firmaprofesional.
Summary: Obsolete Root CA shipped for Firmaprofesional → Remove Expired Firmaprofesional Root Certificate from NSS
Comment 4•10 years ago
|
||
Chema, The code patch for this root cert removal is in bug #957300. The test build is available at http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de-e9ed86288188/ I have tested it, but you are also welcome to do so as follows... Download a binary for your preferred operating system, you probably want one of the following files: try-linux/firefox-....en-US.linux-i686.tar.bz2 try-linux64/firefox-....en-US.linux-x86_64.tar.bz2 try-macosx64/firefox-....en-US.mac.dmg try-win32/firefox-....en-US.win32.zip Refer to https://wiki.mozilla.org/CA:How_to_apply#Testing_Inclusion Be sure to use a fresh profile. http://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles
Comment 5•10 years ago
|
||
Thanks, Kathleen. We will test is ASAP. On the other hand, has something to do the EV check activation (bug #794036) with the bug #957300]? Thanks in advance, (In reply to Kathleen Wilson from comment #4) > Chema, > > The code patch for this root cert removal is in bug #957300. > > The test build is available at > > http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de- > e9ed86288188/ > > I have tested it, but you are also welcome to do so as follows... > > Download a binary for your preferred operating system, you probably want one > of the following files: > try-linux/firefox-....en-US.linux-i686.tar.bz2 > try-linux64/firefox-....en-US.linux-x86_64.tar.bz2 > try-macosx64/firefox-....en-US.mac.dmg > try-win32/firefox-....en-US.win32.zip > > Refer to https://wiki.mozilla.org/CA:How_to_apply#Testing_Inclusion > > Be sure to use a fresh profile. > http://support.mozilla.org/en-US/kb/profile-manager-create-and-remove- > firefox-profiles
Comment 6•10 years ago
|
||
We already have tested it and the old CA root is not included, as expected, so it seems everything is all-right.
Comment 7•10 years ago
|
||
(In reply to Chema López from comment #5) > On the other hand, has something to do the EV check activation (bug #794036) > with the bug #957300]? I'm hoping to get to that soon, and then I'll update that bug. Thanks, Kathleen
Comment 8•10 years ago
|
||
(In reply to Chema López from comment #6) > We already have tested it and the old CA root is not included, as expected, > so it seems everything is all-right. Thanks for testing. We are targeting Firefox 29 for this change. https://wiki.mozilla.org/RapidRelease/Calendar
Comment 9•10 years ago
|
||
done as part of bug 957300
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•