Inquiry Regarding Removal of Certificates with Specific SHA1 Fingerprints
Dear Mozilla Firefox Team,
I hope this message finds you well.
I am writing to inquire about the removal of the following SSL/TLS certificates from Firefox's trusted certificate store. These certificates are identified by the following SHA1 fingerprints:
SHA1 Fingerprint: ff:bd:cd:e7:82:c8:43:5e:3c:6f:26:86:5c:ca:a8:3a:45:5b:c3:0a SHA1 Fingerprint: b8:be:6d:cb:56:f1:55:b9:63:d4:12:ca:4e:06:34:c7:94:b2:1c SHA1 Fingerprint: 58:d1:df:95:95:67:6b:63:c0:f0:5b:1c:17:4d:8b:84:0b:c8:78 SHA1 Fingerprint: e9:a8:5d:22:14:52:1c:5b:aa:0a:b4:be:24:6a:23:8a:c9:ba:e2 SHA1 Fingerprint: 8a:2f:af:57:53:b1:b0:e6:a1:04:ec:5b:6a:69:71:6d:f6:1c:e2:84 SHA1 Fingerprint: ae:c5:fb:3f:c8:e1:bf:c4:e5:4f:03:07:5a:9a:e8:00:b7:f7:b6 Could you kindly provide clarification as to why these specific certificates were removed? Understanding the rationale behind this decision will help us assess any potential impact on our systems and ensure that we are adhering to the best practices for security.
Thank you in advance for your attention to this matter. I look forward to your response.
Best regards, Vamsi [edited email from public]
Edeziri
All Replies (2)
Who validates SSL/TLS certificates?
A certificate authority (CA) is an organization that sells SSL/TLS certificates to web owners, web hosting companies, or businesses. The CA validates the domain and owner details before issuing the SSL/TLS certificate. To be a CA, an organization must meet specific requirements set by the operating system, browsers, or mobile devices company and apply to be listed as a root certificate authority. This is important to establish trust amongst internet users. For example, Amazon Trust Services is a certificate authority and can issue SSL/TLS certificates to websites.
You should check with the CA about your issues.
Hi Vamsi, your question is beyond the scope for this support forum, but here are some resources to pursue an answer to your question:
(1) Root Certificate policy
https://www.mozilla.org/about/governance/policies/security-group/certs/policy/
(2) Mailing list
https://groups.google.com/a/mozilla.org/g/dev-security-policy