The certificate with fingerprint ff:bd:cd:e7:82:c8:43:5e:3c:6f:26:86:5c:ca:a8:3a:45:5b:c3:0a (the first one listed) is TrustCor RootCert CA-1 <https://crt.sh/?id=19392284>. You can see the email announcing Mozilla's decision to remove TrustCor from their trust store here <https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ>. That email thread also contains most of the discussion and deliberation around why TrustCor was removed, as well as messages from the Microsoft and Chrome root programs announcing similar distrust decisions.
The second fingerprint listed does not correspond to any known certificate, but that is because you have accidentally truncated it by one octet. I believe it was meant to be b8:be:6d:cb:56:f1:55:b9:63:d4:12:ca:4e:06:34:c7:94:b2:1c*:c0*, in which case it matches TrustCor RootCert CA-2 <https://crt.sh/?id=19392278>, which was distrusted at the same time as the above. The same goes for the third fingerprint. It should be 58:d1:df:95:95:67:6b:63:c0:f0:5b:1c:17:4d:8b:84:0b:c8:78*:bd*, for TrustCor ECA-1 <https://crt.sh/?id=19392274>, which was also removed at the same time as the above. The fourth fingerprint (e9:a8:5d:22:14:52:1c:5b:aa:0a:b4:be:24:6a:23:8a:c9:ba:e2) is also one octet short, but I have been unable to identify what certificate it is supposed to match. The certificate with fingerprint 8a:2f:af:57:53:b1:b0:e6:a1:04:ec:5b:6a:69:71:6d:f6:1c:e2:84 (the fifth one listed) is E-Tugra Global Root CA ECC v3 <https://crt.sh/?id=2605043398>. You can see the email announcing Mozilla's decision to remove E-Tugra from their trust store here <https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A/m/qDXcQu-hBAAJ> . The sixth fingerprint is also missing its final octet. It should be e9:a8:5d:22:14:52:1c:5b:aa:0a:b4:be:24:6a:23:8a:c9:ba:e2*:a9* to match E-Tugra Global Root CA RSA v3 <https://crt.sh/?id=2605037174>, which was removed from the trust store at the same time as the one above. Aaron On Mon, Nov 18, 2024 at 8:41 AM M THUG <[email protected]> wrote: > Dear Mozilla Firefox Team, > > I hope this message finds you well. > > I am writing to inquire about the removal of the following SSL/TLS > certificates from Firefox's trusted certificate store. These certificates > are identified by the following SHA1 fingerprints: > > SHA1 Fingerprint: > ff:bd:cd:e7:82:c8:43:5e:3c:6f:26:86:5c:ca:a8:3a:45:5b:c3:0a SHA1 > Fingerprint: b8:be:6d:cb:56:f1:55:b9:63:d4:12:ca:4e:06:34:c7:94:b2:1c SHA1 > Fingerprint: 58:d1:df:95:95:67:6b:63:c0:f0:5b:1c:17:4d:8b:84:0b:c8:78 SHA1 > Fingerprint: e9:a8:5d:22:14:52:1c:5b:aa:0a:b4:be:24:6a:23:8a:c9:ba:e2 SHA1 > Fingerprint: 8a:2f:af:57:53:b1:b0:e6:a1:04:ec:5b:6a:69:71:6d:f6:1c:e2:84 > SHA1 Fingerprint: ae:c5:fb:3f:c8:e1:bf:c4:e5:4f:03:07:5a:9a:e8:00:b7:f7:b6 > Could you kindly provide clarification as to why these specific > certificates were removed? Understanding the rationale behind this decision > will help us assess any potential impact on our systems and ensure that we > are adhering to the best practices for security. > > Thank you in advance for your attention to this matter. I look forward to > your response. > > Best regards, Vamsi > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/ffb4ca11-594d-486b-8b55-2f95f0c3eef0n%40mozilla.org > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/ffb4ca11-594d-486b-8b55-2f95f0c3eef0n%40mozilla.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAEmnErcrE5Fbd%2BSVA9-WTCPYQmgQV4sisMsKtBVOa-XN_%3DJYyw%40mail.gmail.com.
