Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Avatar for Username

تلاش سپورٹ

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

مزید سیکھیں

اس تھریڈ کو آرکائیوکیا گیا تھا۔ اگر آپ کو مدد کی ضرورت ہو تو براہ مہربانی نیا سوال پوچھیں۔

certdata.txt is including 2 expired certificates

  • 2 جواب دیں
  • 1 میں یہ مسئلہ ہے
  • 1 دیکھیں
  • آخری جواب بذریعہ vlours

vlours
vlours
more options

Dear Firefox support,

I would like to share with you that your certdata.txt file is including 2 expired CA certificates: | Expiration date | Certificate CN | | 2019-07-06 | Class 2 Primary CA | | 2019-07-09 | Deutsche Telekom Root CA 2 |

New certificates should be retrieved for these 2 CA, or they should be deleted from the certdata.txt as they are no longer valid.

certdata.txt References: 

 nss: 'https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt',
 central: https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt',
 beta: https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt',
 release: 'https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt',

Thanks for your help.

Dear Firefox support, I would like to share with you that your certdata.txt file is including 2 expired CA certificates: | Expiration date | Certificate CN | | 2019-07-06 | Class 2 Primary CA | | 2019-07-09 | Deutsche Telekom Root CA 2 | New certificates should be retrieved for these 2 CA, or they should be deleted from the certdata.txt as they are no longer valid. certdata.txt References: nss: 'https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt', central: https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', beta: https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', release: 'https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', Thanks for your help.

منتخب شدہ حل

Hi vlours, you are very observant! However, it's outside the scope of the support forum.

Maybe a good place to discuss this would be the security policy mailing list:

https://lists.mozilla.org/listinfo/dev-security-policy

I wonder whether it is necessary to keep these in the file because there are intermediate certificates they were used to sign. Or would those intermediate certificates also be invalid now? I have no idea...

اس جواب کو سیاق و سباق میں پڑھیں 👍 0

تمام جوابات (2)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 25 Contributor
more options

منتخب شدہ حل

Hi vlours, you are very observant! However, it's outside the scope of the support forum.

Maybe a good place to discuss this would be the security policy mailing list:

https://lists.mozilla.org/listinfo/dev-security-policy

I wonder whether it is necessary to keep these in the file because there are intermediate certificates they were used to sign. Or would those intermediate certificates also be invalid now? I have no idea...

vlours
vlours سوال کا مالک
more options

Hi Jscher2000,

Thanks for your message and suggestion. I've just posted a message in the "mozilla.dev.security.policy" Group. I hope to hear from them soon.

I will close this question as resolved, as the support forum is not in charge of this kind of issue and actually redirected me to the right community.

Thanks. Cheers,