Balrog/Client Domains: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
Line 59: Line 59:
! HPKP(inning)
! HPKP(inning)
! Links
! Links
! Renewable?
|-
|-
| rowspan="6" | aus5.mozilla.org
| rowspan="6" | aus5.mozilla.org
Line 66: Line 67:
| None
| None
| {{bug|1116409}}
| {{bug|1116409}}
| rowspan="6" | YES - No pinning requirements for some apps, and we can certs for those that do pin.
|-
|-
| Fennec
| Fennec
Line 103: Line 105:
| None
| None
| {{bug|885477}}
| {{bug|885477}}
| rowspan="5" | NO - All apps do pinning, and we cannot get certs that are compatible.
|-
|-
| Thunderbird
| Thunderbird
Line 137: Line 140:
| None
| None
| {{bug|921045}}
| {{bug|921045}}
| rowspan="4" | NO - All apps do pinning, and we cannot get certs that are compatible.
|-
|-
| 4.0 - 25.0
| 4.0 - 25.0
Line 163: Line 167:
| None
| None
| {{bug|302721}}
| {{bug|302721}}
| rowspan="2" | YES - No pinning requirements.
|-
|-
| Fennec
| Fennec

Revision as of 15:05, 31 May 2017

This page documents all of domains that Balrog serves, when various applications switched to them, their SSL pinning requirements, and active certificates.

Active Certificates

Domain Issuer Serial Number Primary/Backup Expiration Links
aus5.mozilla.org DigiCert 07:D5:0D:C7:F3:68:98:2F:AB:5E:19:B9:C5:FB:A1:5C Primary July 28, 2017 bug 1179339
Thawte ??? Backup ???
aus4.mozilla.org DigiCert 05:5A:F0:03:C4:5E:01:11:4A:D0:5E:24:D7:74:3B:1E Primary December 7, 2018 bug 832461
Thawte 25:a8:fd:b6:7a:1f:6c:b8:95:99:e0:91:5c:69:71:05 Backup September 24, 2017 bug 919746
aus3.mozilla.org Thawte 14:6A:AB:C3:52:09:8C:4D:51:7B:FA:1B:AA:21:2C:6A Primary September 8, 2017 ???
??? ??? Backup ??? ???

Pinning Requirements

Domain Application Versions Issuer Pinned To HPKP(inning) Links Renewable?
aus5.mozilla.org Firefox 42.0 and up Nothing None bug 1116409 YES - No pinning requirements for some apps, and we can certs for those that do pin.
Fennec Nothing None bug 1116409
GMP "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US"

"CN=thawte SSL CA - G2,O=thawte, Inc.,C=US"

None bug 1116409
Thunderbird "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US"

"CN=thawte SSL CA - G2,O=thawte, Inc.,C=US"

None bug 1116409
B2G ??? Nothing None bug 1116409
SystemAddons 44.0 and up Nothing None bug 1213348
aus4.mozilla.org Firefox 36.0 - 41.0 "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"

"CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"

None bug 885477 NO - All apps do pinning, and we cannot get certs that are compatible.
Thunderbird "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"

"CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"

None bug 922264
Fennec 27.0 - 42.0 "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"

"CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"

None bug 885477
B2G ??? Nothing None bug 918068
GMP 37.0 - 41.0 "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"

"CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"

None
aus3.mozilla.org Firefox 26.0 - 35.0 "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"

"CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"

None bug 921045 NO - All apps do pinning, and we cannot get certs that are compatible.
4.0 - 25.0 "OU=Equifax Secure Certificate Authority,O=Equifax,C=US"

"CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"

None bug 586213
Thunderbird 27.0 - 35.0 "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"

"CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"

None bug 942748
14.0 - 26.0 "OU=Equifax Secure Certificate Authority,O=Equifax,C=US"

"CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"

None bug 751679
aus2.mozilla.org Firefox 2.0 - 3.0 Nothing None bug 302721 YES - No pinning requirements.
Fennec 26.0 and earlier Nothing None bug 302721

NB: Beginning with 24.0, Thunderbird started shipping release channel builds of ESR repos. This means that they have not shipped any release builds from Gecko versions other than 24.0, 31.0, 38.0, 45.0, 52.0, etc. The version numbers in the table still apply for Betas shipped from the major versions listed.

Retrieved from "https://wiki.allizom.org/index.php?title=Balrog/Client_Domains&oldid=1172261"