On Monday, February 1, 2016 at 1:17:10 PM UTC+2, Erwann Abalea wrote: > Bonjour, > > Le jeudi 10 décembre 2015 21:01:39 UTC+1, Kathleen Wilson a écrit : > > This request is to include the "ComSign Global Root CA" root > > certificate, and enable the Websites and Email trust bits. This root > > will eventually replace the "ComSign CA" root certificate that is > > currently included in NSS, and was approved in bug #420705. > [...] > > * OCSP URL: http://ocsp1.comsign.co.il > > When sending a request to validate intermediate CA certificates (both > Organizational and EV SSL) to this responder, the responder certificate > signing the response is issued by Organizational CA instead of the Global > Root CA.
Hello, This is due to temporary technical problem. Up until 3 weeks ago the responder had a certificate signed by the root CA (Global Root CA) - but due to a hardware issue with the device which holds the responder's keys we had to replace the certificate. Since signing certificates by the Root CA server requires a major key ceremony, we scheduled to perform this ceremony during the next few days. Until then, the responder will use the Subordinate CA's OCSP certificate. Eli Spitzer | Information security & System Management | Comsign _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
