|
|
| (11 intermediate revisions by 2 users not shown) |
| Line 1: |
Line 1: |
| This page documents all of domains that Balrog serves, when various applications switched to them, their SSL pinning requirements, and active certificates.
| | Moved to https://mozilla-balrog.readthedocs.io/en/latest/client_domains.html |
| | |
| == SSL Certificates ==
| |
| {| class="wikitable sortable"
| |
| |-
| |
| ! Domain
| |
| ! Issuer
| |
| ! Serial Number
| |
| ! Primary/Backup
| |
| ! Expiration
| |
| ! Links
| |
| ! Comments
| |
| |-
| |
| | rowspan="4" | aus5.mozilla.org
| |
| | DigiCert
| |
| | 07:10:8B:20:9E:D3:45:6C:EE:88:94:91:44:C4:56:0C
| |
| | Primary
| |
| | August 13, 2019
| |
| | rowspan="2" | {{bug|1369143}}
| |
| |
| |
| |-
| |
| | Thawte
| |
| | ???
| |
| | Backup
| |
| | ???
| |
| |
| |
| |-
| |
| | DigiCert
| |
| | 07:D5:0D:C7:F3:68:98:2F:AB:5E:19:B9:C5:FB:A1:5C
| |
| | Retired on July 20, 2017
| |
| | July 28, 2017
| |
| | rowspan="2" | {{bug|1179339}}
| |
| |
| |
| |-
| |
| | Thawte
| |
| | ???
| |
| | Backup
| |
| | August 10, 2017
| |
| |
| |
| |-
| |
| | rowspan="2" | aus4.mozilla.org
| |
| | DigiCert
| |
| | 05:5A:F0:03:C4:5E:01:11:4A:D0:5E:24:D7:74:3B:1E
| |
| | Primary
| |
| | December 7, 2018
| |
| | {{bug|832461}}
| |
| |
| |
| |-
| |
| | Thawte
| |
| | 25:a8:fd:b6:7a:1f:6c:b8:95:99:e0:91:5c:69:71:05
| |
| | Backup
| |
| | September 24, 2017
| |
| | {{bug|919746}}
| |
| |
| |
| |-
| |
| | rowspan="3" | aus3.mozilla.org
| |
| | Thawte
| |
| | 5b:44:41:c9:34:ed:c8:9c:81:b9:32:0d:09:43:45:a9
| |
| | Primary (not yet deployed)
| |
| | February 7, 2020
| |
| | {{bug|1340880}}
| |
| | Not possible to have a backup cert because Thawte is the only Issuer compatible with all clients using this domain.
| |
| |-
| |
| | Thawte
| |
| | 14:6A:AB:C3:52:09:8C:4D:51:7B:FA:1B:AA:21:2C:6A
| |
| | Primary
| |
| | September 8, 2017
| |
| | ???
| |
| |
| |
| |}
| |
| | |
| == Pinning Requirements ==
| |
| {| class="wikitable sortable"
| |
| |-
| |
| ! Domain
| |
| ! Application
| |
| ! Versions
| |
| ! Issuer Pinned To
| |
| ! HPKP(inning)
| |
| ! Links
| |
| ! Renewable?
| |
| |-
| |
| | rowspan="7" | aus5.mozilla.org
| |
| | Firefox
| |
| | rowspan="3" | 42.0 and up
| |
| | Nothing
| |
| | None
| |
| | {{bug|1116409}}
| |
| | rowspan="7" | YES - No pinning requirements for some apps, and we can get certs for those that do pin.
| |
| |-
| |
| | Fennec
| |
| | Nothing
| |
| | None
| |
| | {{bug|1116409}}
| |
| |-
| |
| | GMP
| |
| | "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=thawte SSL CA - G2,O=thawte, Inc.,C=US"
| |
| | None
| |
| | {{bug|1116409}}
| |
| |-
| |
| | rowspan="2" | Thunderbird
| |
| | 51.0 and up
| |
| | Nothing
| |
| | rowspan="2" | None
| |
| | {{bug|1182352}}
| |
| |-
| |
| | 42.0 - 50.0
| |
| | "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=thawte SSL CA - G2,O=thawte, Inc.,C=US"
| |
| | {{bug|1116409}}
| |
| |-
| |
| | B2G
| |
| | ???
| |
| | Nothing
| |
| | None
| |
| | {{bug|1116409}}
| |
| |-
| |
| | SystemAddons
| |
| | 44.0 and up
| |
| | Any CA included in Firefox's root store.
| |
| | None
| |
| | {{bug|1213348}}
| |
| |-
| |
| | rowspan="5" | aus4.mozilla.org
| |
| | Firefox
| |
| | rowspan="2" | 36.0 - 41.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|885477}}
| |
| | rowspan="5" | NO - All apps do pinning, and we cannot get certs that are compatible.
| |
| |-
| |
| | Thunderbird
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|922264}}
| |
| |-
| |
| | Fennec
| |
| | 27.0 - 42.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|885477}}
| |
| |-
| |
| | B2G
| |
| | ???
| |
| | Nothing
| |
| | None
| |
| | {{bug|918068}}
| |
| |-
| |
| | GMP
| |
| | 37.0 - 41.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| |
| |
| |-
| |
| | rowspan="4" | aus3.mozilla.org
| |
| | rowspan="2" | Firefox
| |
| | 26.0 - 35.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|921045}}
| |
| | rowspan="4" | NO - All apps do pinning, and we cannot get certs that are compatible.
| |
| |-
| |
| | 4.0 - 25.0
| |
| | "OU=Equifax Secure Certificate Authority,O=Equifax,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|586213}}
| |
| |-
| |
| | rowspan="2" | Thunderbird
| |
| | 27.0 - 35.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|942748}}
| |
| |-
| |
| | 14.0 - 26.0
| |
| | "OU=Equifax Secure Certificate Authority,O=Equifax,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|751679}}
| |
| |-
| |
| | rowspan="2" | aus2.mozilla.org
| |
| | Firefox
| |
| | 2.0 - 3.0
| |
| | Nothing
| |
| | None
| |
| | {{bug|302721}}
| |
| | rowspan="2" | YES - No pinning requirements. We just 302 to another domain at this point, though.
| |
| |-
| |
| | Fennec
| |
| | 26.0 and earlier
| |
| | Nothing
| |
| | None
| |
| | {{bug|302721}}
| |
| |}
| |
| | |
| NB: Beginning with 24.0, Thunderbird started shipping release channel builds of ESR repos. This means that they have not shipped any release builds from Gecko versions other than 24.0, 31.0, 38.0, 45.0, 52.0, etc. The version numbers in the table still apply for Betas shipped from the major versions listed.
| |