Hi, in my role as unpaid tech advisor for our local library, may I ask a question about the ipsCA issue?
Is my understanding correct that ipsCA currently reissues certificates [1] signed with a root CA that is not yet in Mozilla products, due to IPS's delaying the necessary vetting process [2]? In other words, Mozilla users would see security warnings even if a reissued certificate was used? The reason I'm confused is that I, like David, saw a number of still valid certificates from "IPS Internet publishing Services s.l." already shipping with Firefox, alongside the now-expired certificate. But I suppose those certificates are for something else and the reissued certificates won't be signed using them? Thanks, - Godmar [2] https://bugzilla.mozilla.org/show_bug.cgi?id=529286 [1] http://certs.ipsca.com/Support/hierarchy-ipsca.asp On Thu, Dec 17, 2009 at 4:02 PM, John Wynstra <john.wyns...@uni.edu> wrote: > Out of curiosity, did anyone else using ipsCA certs receive notification > that due to the coming expiration of their root CA (December 29,2009), they > would need a reissued cert under a new root CA? > > I am uncertain as to how this new Root CA will become a part of the > browsers trusted roots without some type of user action including a software > upgrade, but the following library website instructions lead me to believe > that this is not going to be smooth. http://bit.ly/53Npel > > We are just about to go live with EZProxy in January with an ipsCA cert > issued a few months ago, and I am not about to do that if I have serious > browser support issue. > > > -- > <><><><><><><><><><><><><><><><><><><> > John Wynstra > Library Information Systems Specialist > Rod Library > University of Northern Iowa > Cedar Falls, IA 50613 > wyns...@uni.edu > (319)273-6399 > <><><><><><><><><><><><><><><><><><><> >