← DocuSign (OpenTrust/Keynectis) cases
Bugzilla #1465625
Root Update Request
Turn off Websites trust bit for OpenTrust and Certplus root certs
RESOLVED
FIXED
DocuSign (OpenTrust/Keynectis)
AI Summary
The case involves a request from DocuSign to remove the 'Websites' trust bit for five root certificates associated with OpenTrust and Certplus. The request was made due to the end-of-life of TLS certificates on their side, with no urgency or significant impact on customers noted. The changes are planned for inclusion in the upcoming NSS and Firefox releases. The request was resolved with the necessary code changes confirmed.
Chronology
- Initial request to remove the trust bit for specified root CAs.
- Confirmation that code changes will be included in the July/August batch of updates.
- Test build made available for verification of changes.
Participants
Kathleen Wilson
Erwann Abalea
External References
Similar Local Cases
Turn off websites and code signing trust bits for two IdenTrust root certs
Enable EV and Turn on Code Signing trust bit for TWCA Root certificate
Replace Entrust.net Certification Authority (2048) root certificate
Refresh the GlobalSign Root CA cert (will be EV)
GlobalSign: Remove EV bit from ex-GS roots now owned by GTS
Basic Constraint Ext: Proposal: Remove old Entrust 2048 root, add equivalent 2048 intermediate
New EV Policy OID for CFCA EV root
ACCV: Transition Plan for Existing Root