All, Starting Sunday afternoon (PDT), we will be updating the production instance of the Common CA Database (a.k.a. CA Community in Salesforce). This work will continue into Monday. The system will still be available during that time, but depending on when you access it or the corresponding reports, you may find some delays or inconsistencies.
Summary of changes: - 'Signature Hash Algorithm' will have new drop down list: md2WithRSAEncryption, md5WithRSAEncryption, sha1WithRSAEncryption, sha256WithRSAEncryption, sha384WithRSAEncryption, sha512WithRSAEncryption, ecdsaWithSHA256, ecdsaWithSHA384. ecdsaWithSHA521 - 'Public Key Algorithm' will have new drop down list: RSA 1024 bits, RSA 2048 bits, RSA 4096 bits, EC secp256r1, EC secp384r1, EC secp521r1 - 'Signature Algorithm' & 'Signing Key Parameters' will be deprecated - 'Certificate ID' a new field will be added and auto populated. It identifies same logical certificate in different CA Hierarchies. SHA-256(der(subject) + der(spki)). - 'Certificate Serial number' new field on root page will be added and auto populated - 'CRl URl(s)' will be populated by urls ending with .crl only - Minor rearrangements of fields will be made to root and intermediate page layouts - A batch process will re-run PEM->JSON tool for all intermediate certs and populate PEM fields - Another batch process will add PEM info to root certs and all PEM fields will be populated by the values returned by x509certChecker utility (PEM->JSON) - 'Add/Update PEM info' button will be made available to root store managers who have write-access (currently only Mozilla and Microsoft) - Reports which use 'Signature Algorithm'/ 'Signing Key Parameters' will show the new fields instead. - CSV Reports which use 'Signature Algorithm'/ 'Signing Key Parameters' will show the new fields instead. I apologize for any inconvenience caused during our upgrade, but I look forward to having these changes and the updated certificate fields for root and intermediate certs in production. Kathleen _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
