Yes, you are right. I'm afraid we are using ipsCA certs, and using the
'updated' certs (that is, those that have not expired) are still not
trusted by Firefox. Or Opera or Safari. They are trusted by IE7.
Haven't tested IE6.
Godmar Back wrote:
Hi,
in my role as unpaid tech advisor for our local library, may I ask a
question about the ipsCA issue?
Is my understanding correct that ipsCA currently reissues certificates [1]
signed with a root CA that is not yet in Mozilla products, due to IPS's
delaying the necessary vetting process [2]? In other words, Mozilla users
would see security warnings even if a reissued certificate was used?
The reason I'm confused is that I, like David, saw a number of still valid
certificates from "IPS Internet publishing Services s.l." already shipping
with Firefox, alongside the now-expired certificate. But I suppose those
certificates are for something else and the reissued certificates won't be
signed using them?
Thanks,
- Godmar
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=529286
[1] http://certs.ipsca.com/Support/hierarchy-ipsca.asp
On Thu, Dec 17, 2009 at 4:02 PM, John Wynstra <john.wyns...@uni.edu> wrote:
Out of curiosity, did anyone else using ipsCA certs receive notification
that due to the coming expiration of their root CA (December 29,2009), they
would need a reissued cert under a new root CA?
I am uncertain as to how this new Root CA will become a part of the
browsers trusted roots without some type of user action including a software
upgrade, but the following library website instructions lead me to believe
that this is not going to be smooth. http://bit.ly/53Npel
We are just about to go live with EZProxy in January with an ipsCA cert
issued a few months ago, and I am not about to do that if I have serious
browser support issue.
--
<><><><><><><><><><><><><><><><><><><>
John Wynstra
Library Information Systems Specialist
Rod Library
University of Northern Iowa
Cedar Falls, IA 50613
wyns...@uni.edu
(319)273-6399
<><><><><><><><><><><><><><><><><><><>
