|
|
| Line 1: |
Line 1: |
| This page documents all of domains that Balrog serves, when various applications switched to them, their SSL pinning requirements, and active certificates.
| | Moved to https://mozilla-balrog.readthedocs.io/en/latest/client_domains.html |
| | |
| == SSL Certificates ==
| |
| {| class="wikitable sortable"
| |
| |-
| |
| ! Domain
| |
| ! Issuer
| |
| ! Serial Number
| |
| ! Primary/Backup
| |
| ! Expiration
| |
| ! Links
| |
| ! Comments
| |
| |-
| |
| | rowspan="5" | aus5.mozilla.org
| |
| | rowspan="3" | DigiCert
| |
| | 07:10:8B:20:9E:D3:45:6C:EE:88:94:91:44:C4:56:0C
| |
| | Primary
| |
| | August 13, 2019
| |
| | None, done by CloudOps
| |
| |
| |
| |-
| |
| | 0D:23:43:9A:32:3D:25:C5:A6:C3:2D:76:63:60:05:53
| |
| | Retired on June 14th, 2019
| |
| | August 13, 2019
| |
| | {{bug|1369143}}
| |
| |
| |
| |-
| |
| | 07:D5:0D:C7:F3:68:98:2F:AB:5E:19:B9:C5:FB:A1:5C
| |
| | Retired on July 20, 2017
| |
| | July 28, 2017
| |
| | {{bug|1179339}}
| |
| |
| |
| |-
| |
| | rowspan="2" | Thawte
| |
| | 0c:96:80:24:b6:b2:72:81:42:8b:53:a5:24:94:52:fb
| |
| | Backup
| |
| | August 14, 2020
| |
| | {{bug|1369143}}
| |
| |
| |
| |-
| |
| | ???
| |
| | Retired Backup
| |
| | August 10, 2017
| |
| | {{bug|1179339}}
| |
| |
| |
| |-
| |
| | rowspan="2" | aus4.mozilla.org
| |
| | DigiCert
| |
| | 05:5A:F0:03:C4:5E:01:11:4A:D0:5E:24:D7:74:3B:1E
| |
| | Primary
| |
| | December 7, 2018
| |
| | {{bug|832461}}
| |
| |
| |
| |-
| |
| | Thawte
| |
| | 25:a8:fd:b6:7a:1f:6c:b8:95:99:e0:91:5c:69:71:05
| |
| | Retired Backup
| |
| | September 24, 2017
| |
| | {{bug|919746}}
| |
| | Explicitly not renewing this cert, per https://bugzilla.mozilla.org/show_bug.cgi?id=1340880#c60
| |
| |-
| |
| | rowspan="2" | aus3.mozilla.org
| |
| | Thawte
| |
| | 5b:44:41:c9:34:ed:c8:9c:81:b9:32:0d:09:43:45:a9
| |
| | Primary
| |
| | February 7, 2020
| |
| | {{bug|1340880}}
| |
| | rowspan="2" | Not possible to have a backup cert because Thawte is the only Issuer compatible with all clients using this domain.
| |
| |-
| |
| | Thawte
| |
| | 14:6A:AB:C3:52:09:8C:4D:51:7B:FA:1B:AA:21:2C:6A
| |
| | Retired Primary (retired on September 5, 2017)
| |
| | September 8, 2017
| |
| | ???
| |
| |}
| |
| | |
| == Pinning Requirements ==
| |
| {| class="wikitable sortable"
| |
| |-
| |
| ! Domain
| |
| ! Application
| |
| ! Versions
| |
| ! Issuer Pinned To
| |
| ! HPKP(inning)
| |
| ! Links
| |
| ! Renewable?
| |
| |-
| |
| | rowspan="7" | aus5.mozilla.org
| |
| | Firefox
| |
| | rowspan="3" | 42.0 and up
| |
| | Nothing
| |
| | None
| |
| | {{bug|1116409}}
| |
| | rowspan="7" | YES - No pinning requirements for some apps, and we can get certs for those that do pin.
| |
| |-
| |
| | Fennec
| |
| | Nothing
| |
| | None
| |
| | {{bug|1116409}}
| |
| |-
| |
| | GMP
| |
| | "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=thawte SSL CA - G2,O=thawte, Inc.,C=US"
| |
| | None
| |
| | {{bug|1116409}}
| |
| |-
| |
| | rowspan="2" | Thunderbird
| |
| | 51.0 and up
| |
| | Nothing
| |
| | rowspan="2" | None
| |
| | {{bug|1182352}}
| |
| |-
| |
| | 42.0 - 50.0
| |
| | "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=thawte SSL CA - G2,O=thawte, Inc.,C=US"
| |
| | {{bug|1116409}}
| |
| |-
| |
| | B2G
| |
| | ???
| |
| | Nothing
| |
| | None
| |
| | {{bug|1116409}}
| |
| |-
| |
| | SystemAddons
| |
| | 44.0 and up
| |
| | Any CA included in Firefox's root store.
| |
| | None
| |
| | {{bug|1213348}}
| |
| |-
| |
| | rowspan="5" | aus4.mozilla.org
| |
| | Firefox
| |
| | rowspan="2" | 36.0 - 41.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|885477}}
| |
| | rowspan="5" | NO - All apps do pinning, and we cannot get certs that are compatible.
| |
| |-
| |
| | Thunderbird
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|922264}}
| |
| |-
| |
| | Fennec
| |
| | 27.0 - 42.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|885477}}
| |
| |-
| |
| | B2G
| |
| | ???
| |
| | Nothing
| |
| | None
| |
| | {{bug|918068}}
| |
| |-
| |
| | GMP
| |
| | 37.0 - 41.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| |
| |
| |-
| |
| | rowspan="4" | aus3.mozilla.org
| |
| | rowspan="2" | Firefox
| |
| | 26.0 - 35.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|921045}}
| |
| | rowspan="4" | NO - All apps do pinning, and we cannot get certs that are compatible.
| |
| |-
| |
| | 4.0 - 25.0
| |
| | "OU=Equifax Secure Certificate Authority,O=Equifax,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|586213}}
| |
| |-
| |
| | rowspan="2" | Thunderbird
| |
| | 27.0 - 35.0
| |
| | "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|942748}}
| |
| |-
| |
| | 14.0 - 26.0
| |
| | "OU=Equifax Secure Certificate Authority,O=Equifax,C=US"
| |
| "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US"
| |
| | None
| |
| | {{bug|751679}}
| |
| |-
| |
| | rowspan="2" | aus2.mozilla.org
| |
| | Firefox
| |
| | 2.0 - 3.6
| |
| | Nothing
| |
| | None
| |
| | {{bug|302721}}
| |
| | rowspan="2" | YES - No pinning requirements. We just 302 to another domain at this point, though.
| |
| |-
| |
| | Fennec
| |
| | 26.0 and earlier
| |
| | Nothing
| |
| | None
| |
| | {{bug|302721}}
| |
| |}
| |
| | |
| NB: Beginning with 24.0, Thunderbird started shipping release channel builds of ESR repos. This means that they have not shipped any release builds from Gecko versions other than 24.0, 31.0, 38.0, 45.0, 52.0, etc. The version numbers in the table still apply for Betas shipped from the major versions listed.
| |