Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

certdata.txt is including 2 expired certificates

  • 2 replies
  • 1 has this problem
  • 118 views
  • Last reply by vlours

more options

Dear Firefox support,

I would like to share with you that your certdata.txt file is including 2 expired CA certificates: | Expiration date | Certificate CN | | 2019-07-06 | Class 2 Primary CA | | 2019-07-09 | Deutsche Telekom Root CA 2 |

New certificates should be retrieved for these 2 CA, or they should be deleted from the certdata.txt as they are no longer valid.

certdata.txt References:

 nss: 'https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt',
 central: https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt',
 beta: https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt',
 release: 'https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt',

Thanks for your help.

Chosen solution

Hi vlours, you are very observant! However, it's outside the scope of the support forum.

Maybe a good place to discuss this would be the security policy mailing list:

https://lists.mozilla.org/listinfo/dev-security-policy

I wonder whether it is necessary to keep these in the file because there are intermediate certificates they were used to sign. Or would those intermediate certificates also be invalid now? I have no idea...

Read this answer in context 👍 0

All Replies (2)

more options

Chosen Solution

Hi vlours, you are very observant! However, it's outside the scope of the support forum.

Maybe a good place to discuss this would be the security policy mailing list:

https://lists.mozilla.org/listinfo/dev-security-policy

I wonder whether it is necessary to keep these in the file because there are intermediate certificates they were used to sign. Or would those intermediate certificates also be invalid now? I have no idea...

more options

Hi Jscher2000,

Thanks for your message and suggestion. I've just posted a message in the "mozilla.dev.security.policy" Group. I hope to hear from them soon.

I will close this question as resolved, as the support forum is not in charge of this kind of issue and actually redirected me to the right community.

Thanks. Cheers,