|
|
| (15 intermediate revisions by 2 users not shown) |
| Line 1: |
Line 1: |
| This page documents all of domains that Balrog serves, when various applications switched to them, their SSL pinning requirements, and active certificates.
| | Moved to https://mozilla-balrog.readthedocs.io/en/latest/client_domains.html |
| | |
| == Active Certificates ==
| |
| {| class="wikitable sortable"
| |
| |-
| |
| ! Domain
| |
| ! Issuer
| |
| ! Serial Number
| |
| ! Primary/Backup
| |
| ! Expiration
| |
| ! Links
| |
| |-
| |
| | rowspan="2" | aus5.mozilla.org
| |
| | DigiCert
| |
| | 07:D5:0D:C7:F3:68:98:2F:AB:5E:19:B9:C5:FB:A1:5C
| |
| | Primary
| |
| | July 28, 2017
| |
| | rowspan="2" | {{bug|1179339}}
| |
| |-
| |
| | Thawte
| |
| | ???
| |
| | Backup
| |
| | August 10, 2017
| |
| |-
| |
| | rowspan="2" | aus4.mozilla.org
| |
| | DigiCert
| |
| | 05:5A:F0:03:C4:5E:01:11:4A:D0:5E:24:D7:74:3B:1E
| |
| | Primary
| |
| | December 7, 2018
| |
| | {{bug|832461}}
| |
| |-
| |
| | Thawte
| |
| | 25:a8:fd:b6:7a:1f:6c:b8:95:99:e0:91:5c:69:71:05
| |
| | Backup
| |
| | September 24, 2017
| |
| | {{bug|919746}}
| |
| |-
| |
| | rowspan="2" | aus3.mozilla.org
| |
| | Thawte
| |
| | 14:6A:AB:C3:52:09:8C:4D:51:7B:FA:1B:AA:21:2C:6A
| |
| | Primary
| |
| | September 8, 2017
| |
| | ???
| |
| |-
| |
| | ???
| |
| | ???
| |
| | Backup
| |
| | ???
| |
| | ???
| |
| |}
| |
| | |
| == Pinning Requirements ==
| |
| {| class="wikitable sortable"
| |
| |-
| |
| ! Domain
| |
| ! Application
| |
| ! Versions
| |
| ! Issuer Pinned To
| |
| ! HPKP(inning)
| |
| ! Links
| |
| ! Renewable?
| |
| |-
| |
| | rowspan="6" | aus5.mozilla.org
| |
| | Firefox
| |
| | rowspan="3" | 42.0 and up
| |
| | Nothing
| |
| | None
| |
| | {{bug|1116409}}
| |
| | rowspan="6" | YES - No pinning requirements for some apps, and we can certs for those that do pin.
| |
| |-
| |
| | Fennec
| |
| | Nothing
| |
| | None
| |
| | {{bug|1116409}}
| |
| |-
| |
| | GMP
| |
| | "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=thawte SSL CA - G2,O=thawte, Inc.,C=US"
| |
| | None
| |
| | {{bug|1116409}}
| |
| |-
| |
| | rowspan="2" | Thunderbird
| |
| | 51.0 and up
| |
| | Nothing
| |
| | rowspan="2" | None
| |
| | {{bug|1182352}}
| |
| |-
| |
| | 42.0 - 50.0
| |
| | "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=thawte SSL CA - G2,O=thawte, Inc.,C=US"
| |
| | {{bug|1116409}}
| |
| |-
| |
| | B2G
| |
| | ???
| |
| | Nothing
| |
| | None
| |
| | {{bug|1116409}}
| |
| |-
| |
| | SystemAddons
| |
| | 44.0 and up
| |
| | Nothing
| |
| | None
| |
| | {{bug|1213348}}
| |
| |-
| |
| | rowspan="5" | aus4.mozilla.org
| |
| | Firefox
| |
| | rowspan="2" | 36.0 - 41.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|885477}}
| |
| | rowspan="5" | NO - All apps do pinning, and we cannot get certs that are compatible.
| |
| |-
| |
| | Thunderbird
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|922264}}
| |
| |-
| |
| | Fennec
| |
| | 27.0 - 42.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|885477}}
| |
| |-
| |
| | B2G
| |
| | ???
| |
| | Nothing
| |
| | None
| |
| | {{bug|918068}}
| |
| |-
| |
| | GMP
| |
| | 37.0 - 41.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| |
| |
| |-
| |
| | rowspan="4" | aus3.mozilla.org
| |
| | rowspan="2" | Firefox
| |
| | 26.0 - 35.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|921045}}
| |
| | rowspan="4" | NO - All apps do pinning, and we cannot get certs that are compatible.
| |
| |-
| |
| | 4.0 - 25.0
| |
| | "OU=Equifax Secure Certificate Authority,O=Equifax,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|586213}}
| |
| |-
| |
| | rowspan="2" | Thunderbird
| |
| | 27.0 - 35.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|942748}}
| |
| |-
| |
| | 14.0 - 26.0
| |
| | "OU=Equifax Secure Certificate Authority,O=Equifax,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|751679}}
| |
| |-
| |
| | rowspan="2" | aus2.mozilla.org
| |
| | Firefox
| |
| | 2.0 - 3.0
| |
| | Nothing
| |
| | None
| |
| | {{bug|302721}}
| |
| | rowspan="2" | YES - No pinning requirements. We just 302 to another domain at this point, though.
| |
| |-
| |
| | Fennec
| |
| | 26.0 and earlier
| |
| | Nothing
| |
| | None
| |
| | {{bug|302721}}
| |
| |}
| |
| | |
| NB: Beginning with 24.0, Thunderbird started shipping release channel builds of ESR repos. This means that they have not shipped any release builds from Gecko versions other than 24.0, 31.0, 38.0, 45.0, 52.0, etc. The version numbers in the table still apply for Betas shipped from the major versions listed.
| |