Remove old StartCom root certs from NSS

Kathleen Wilson

Jul 10, 2017, 3:48:59 PM
to mozilla-dev-s...@lists.mozilla.org
And I think we should remove the old StartCom root certs from NSS.

Reference:
https://wiki.mozilla.org/CA/Additional_Trust_Changes#StartCom
~~
Mozilla currently recommends not trusting any certificates issued by this CA after October 21st, 2016. That recommendation covers the following roots:

CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
CN=StartCom Certification Authority G2, OU=null, O=StartCom Ltd., C=IL

This restriction has been implemented both in the Mozilla platform security code (PSM), which is shared by the Mozilla applications (Firefox, Thunderbird, etc.), and, in addition, in the NSS library code, which is used by applications that use the NSS certificate verification APIs.
~~


Please let me know if you foresee any problems with removing these root certs from NSS.

Thanks,
Kathleen

Kathleen Wilson

Aug 22, 2017, 8:06:50 PM
to mozilla-dev-s...@lists.mozilla.org
I have filed Bug #1392849 to remove the old StartCom root certificates. This will likely happen in the October batch of root changes.

Kathleen