certdata.txt is including 2 expired certificates
Dear Firefox support,
I would like to share with you that your certdata.txt file is including 2 expired CA certificates: | Expiration date | Certificate CN | | 2019-07-06 | Class 2 Primary CA | | 2019-07-09 | Deutsche Telekom Root CA 2 |
New certificates should be retrieved for these 2 CA, or they should be deleted from the certdata.txt as they are no longer valid.
certdata.txt References:
nss: 'https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt', central: https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', beta: https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', release: 'https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt',
Thanks for your help.
Réiteach roghnaithe
Hi vlours, you are very observant! However, it's outside the scope of the support forum.
Maybe a good place to discuss this would be the security policy mailing list:
https://lists.mozilla.org/listinfo/dev-security-policy
I wonder whether it is necessary to keep these in the file because there are intermediate certificates they were used to sign. Or would those intermediate certificates also be invalid now? I have no idea...
Read this answer in context 👍 0All Replies (2)
Réiteach Roghnaithe
Hi vlours, you are very observant! However, it's outside the scope of the support forum.
Maybe a good place to discuss this would be the security policy mailing list:
https://lists.mozilla.org/listinfo/dev-security-policy
I wonder whether it is necessary to keep these in the file because there are intermediate certificates they were used to sign. Or would those intermediate certificates also be invalid now? I have no idea...
Hi Jscher2000,
Thanks for your message and suggestion. I've just posted a message in the "mozilla.dev.security.policy" Group. I hope to hear from them soon.
I will close this question as resolved, as the support forum is not in charge of this kind of issue and actually redirected me to the right community.
Thanks. Cheers,