Confirmed users
566
edits
CA/Root CA Lifecycles: Difference between revisions
Add Table of Distrusted CAs
m (Added link to MRSP) |
(Add Table of Distrusted CAs) |
||
| Line 40: | Line 40: | ||
CA operators are strongly urged to apply to Mozilla for inclusion of their next generation root certificate at least 2 years before the distrust date of the CA certificate they wish to replace. | CA operators are strongly urged to apply to Mozilla for inclusion of their next generation root certificate at least 2 years before the distrust date of the CA certificate they wish to replace. | ||
== 2025 Webtrust Bit Removals == | |||
In accordance with the schedule above, and Bug #1937338 https://bugzilla.mozilla.org/show_bug.cgi?id=1937338, Mozilla will remove the websites trust bit for these eight (8) CAs on April 15, 2025: | |||
{| class="wikitable" | |||
| '''CA Name''' | |||
| '''SHA 256 Hash''' | |||
|- | |||
| Baltimore CyberTrust Root (expires 5/12/2025) | |||
| 16AF57A9F676B0AB126095AA5EBADEF22AB31119D644AC95CD4B93DBF3F26AEB | |||
|- | |||
| Entrust.net Certification Authority (2048) | |||
| 6DC47172E01CBCB0BF62580D895FE2B8AC9AD4F873801E0C10B9C837D21EB177 | |||
|- | |||
| AAA Certificate Services | |||
| D7A7A0FB5D7E2731D771E9484EBCDEF71D5F0C3E0A2948782BC83EE0EA699EF4 | |||
|- | |||
| Go Daddy Class 2 CA | |||
| C3846BF24B9E93CA64274C0EC67C1ECC5E024FFCACD2D74019350E81FE546AE4 | |||
|- | |||
| Starfield Class 2 CA | |||
| 1465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658 | |||
|- | |||
| XRamp Global Certification Authority | |||
| CECDDC905099D8DADFC5B1D209B737CBE2C18CFB2C10C0FF0BCF0D3286FC1AA2 | |||
|- | |||
| Chunghwa Telecom Co., Ltd. - ePKI Root Certification Authority | |||
| C0A6F4DC63A24BFDCF54EF2A6A082A0A72DE35803E2FF5FF527AE5D87206DFD5 | |||
|- | |||
| GlobalSign Root CA | |||
| EBD41040E4BB3EC742C9E381D31EF2A41A48B6685C96E7CEF3C1DF6CD4331C99 | |||
|} | |||
== Background == | == Background == | ||