Hi Peter,
Here is the wiki reference that states which Intermediate CAs should be
included in salesforce:
https://wiki.mozilla.org/CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F
I think Kathleen has captured all cases and the instructions are clear.
Here is a Google Spreadsheet without the subordinates that have EKU
restrictions. I didn't match to SalesForce, so most of these are
probably already in there.
https://docs.google.com/spreadsheets/d/14lO33nW-tTN86Vq_urmI6IAIWRPZgd1KKfzvrLk5TZQ/edit?usp=sharing
On Wed, Apr 27, 2016 at 6:11 PM,
On Wed, Apr 27, 2016 at 7:36 PM, Richard Barnes wrote:
> On Wed, Apr 27, 2016 at 8:41 PM, Peter Bowen wrote:
>>
>> As far as I can tell, SalesForce does not have a way to show multiple
>> certificates for one CA. So it is entirely possible to have all CAs
On Wed, Apr 27, 2016 at 8:41 PM, Peter Bowen wrote:
> As far as I can tell, SalesForce does not have a way to show multiple
> certificates for one CA. So it is entirely possible to have all CAs
> disclosed but not have all CA certificates disclosed. (Some of the
> edges in
Dear CAs,
As you guys are working toward the June 30 deadline for disclosing
intermediate certificates in SalesForce, I thought I would share some notes
on the undisclosed certificates that we're seeing, so that you can make
sure you get them all uploaded.
Zakir Durumeric from UMich/Censys.io
This request by the Government of Japan, Ministry of Internal Affairs and
Communications, is to include the GPKI 'ApplicationCA2 Root' certificate and
enable the Websites trust bit. This new root certificate has been created in
order to comply with the Baseline Requirements, and will eventually
Well, now you've made me go and try it. I couldn't get OpenSSL to use
RSAwithMD2, but it works fine with MD5:
openssl req -x509 -out client-cert.pem -new -newkey rsa:512 -md5 -nodes
-keyout client-priv.pem
openssl pkcs12 -export -in client-cert.pem -inkey client-priv.pem -out
client.p12
#
It does to a certain extent. If I have a certificate that uses a
512-bit RSA key and is signed using RSAwithMD2, will Mozilla even
attempt to use that certificate for client authentication?
On Wed, Apr 27, 2016 at 10:54 AM, Richard Barnes wrote:
> For client certificates,
For client certificates, it doesn't really matter what Mozilla thinks -- it
matters what the website thinks when you present the client cert.
On Wed, Apr 27, 2016 at 7:48 AM, wrote:
> Hi ! I read "
>
Hi ! I read
"https://blog.mozilla.org/security/2015/10/20/continuing-to-phase-out-sha-1-certificates/;
article but my question is what about Client authentication certificates that
are issued using SHA-1 like Qualified Certificates issued to clients in order
to make client authenticated SSL
On Friday, April 8, 2016 at 12:58:41 AM UTC+3, Kathleen Wilson wrote:
> The status of this discussion is that we are waiting for the CA to provide
> the following:
>
> 1) Updated/restructured CPS (both in Hebrew and translated into English).
>
> 2) Full BR Audit statement.
>
> 3) An
11 matches
Mail list logo