Confirmed users
96
edits
MozillaRootCertificate: Difference between revisions
deprecate SHA1 in favor of sha2
Rsoderberg (talk | contribs) (introducing the SHA-2 root CA, with download links pending from bedrock team) |
Rsoderberg (talk | contribs) (deprecate SHA1 in favor of sha2) |
||
| Line 9: | Line 9: | ||
This document tells you how you can tell your browser to trust the Mozilla CAs so that you don't get these warnings. | This document tells you how you can tell your browser to trust the Mozilla CAs so that you don't get these warnings. | ||
= Mozilla SHA-1 Root CA = | = Mozilla SHA-2 Root CA = | ||
This is the current "Mozilla Root Certificate" internal CA as of February 2016, obsoleting the previous SHA-1 CA. | |||
The Mozilla SHA-2 Root CA certificate and sha256 checksum can be downloaded from: | |||
* Certificate: https://www.mozilla.org/certs/mozilla-root-sha2.crt | |||
* SHA256 Checksum: <code>[https://www.mozilla.org/certs/mozilla-root-sha2.sha256sum 746eb47c02524cf15dea7e947be4b47cf6fb96ce1a41fe87d8ffc2ce64ba134d]</code> | |||
* Fingerprints: | |||
<pre> | |||
SHA1 Fingerprint=B3:1F:97:81:79:3C:3B:39:27:9B:B7:B7:03:CC:97:AB:90:50:02:FF | |||
SHA256 Fingerprint=51:11:8D:20:EF:E1:DE:DE:70:7A:74:93:C7:97:F6:9F:13:53:97:03:04:50:A9:2B:9A:6F:15:D2:85:AA:A8:7E | |||
</pre> | |||
Note that, as of February 2016, many sites still use signed certificates issued by the previous SHA-1 CA. We recommend installing the SHA-1 CA certificate through the end of 2016, by which time browsers will most likely terminate support for SHA-1 entirely. | |||
= Mozilla SHA-1 Root CA (deprecated February 2016) = | |||
The Mozilla SHA-1 Root CA certificate and md5 checksum can be downloaded from: | The Mozilla SHA-1 Root CA certificate and md5 checksum can be downloaded from: | ||
| Line 21: | Line 37: | ||
</pre> | </pre> | ||
Between October 2012 and January 2016, this certificate was also known as the "Mozilla Root Certificate". | |||
= Installation = | = Installation = | ||