Closed
Bug 783711
Opened 12 years ago
Closed 12 years ago
Renew authenticode signing certificate before it expires 29/31oct2012
Categories
(Release Engineering :: Release Automation: Other, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: joduinn, Assigned: bhearsum)
References
Details
Instructions documented in bug#677025#c4 and then updated in bug#696775. Please read both bugs before starting.
Comment 1 • 12 years ago (Assignee)
joduinn briefed me on this a bit. I'll be looking at this in the next few weeks, well in advance of expiry.
Assignee: nobody → bhearsum
Comment 2 • 12 years ago (Assignee)
To be clear, this seems to be about both the Release and Nightly certs. The Release one expires on the 29th and the Nightly one expires on the 31st, according to my dump of them with openssl.
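The expiry check mentioned in Comment 2, as an added example (not from the bug or from Mozilla's release tooling): a POSIX shell helper that uses `openssl x509 -enddate` and `-checkend` to flag certificates inside a renewal window. The function names, the usage file names and the throwaway self-signed sample certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which PEM certificates expire inside a warning window.
# Usage (file names are hypothetical): sh cert_expiry.sh 60 release.pem nightly.pem

# Print the certificate's notAfter date, e.g. "Oct 29 23:59:59 2012 GMT".
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# Classify one certificate as EXPIRED, RENEW (inside the window) or OK.
# -checkend N exits non-zero when the cert expires within the next N seconds.
cert_status() {
    cs_file=$1
    cs_days=$2
    if ! openssl x509 -in "$cs_file" -noout -checkend 0 >/dev/null; then
        echo EXPIRED
    elif ! openssl x509 -in "$cs_file" -noout \
            -checkend $((cs_days * 86400)) >/dev/null; then
        echo RENEW
    else
        echo OK
    fi
}

# Print one line per certificate; return 1 if any is not OK (useful in cron/CI).
expiry_report() {
    er_days=$1
    shift
    er_rc=0
    for er_file in "$@"; do
        er_status=$(cert_status "$er_file" "$er_days")
        printf '%-8s %s  notAfter=%s\n' \
            "$er_status" "$er_file" "$(cert_not_after "$er_file")"
        [ "$er_status" = OK ] || er_rc=1
    done
    return $er_rc
}

# Constructed sample input: a throwaway self-signed cert valid for <days>.
make_sample_cert() {   # usage: make_sample_cert <out.pem> <days>
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -days "$2" -subj "/CN=constructed-sample" 2>/dev/null
    rm -f "$1.key"
}

# Run the report only when called with a window and at least one file.
if [ "$#" -ge 2 ]; then
    expiry_report "$@"
fi
```
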
Comment 3 • 12 years ago (Assignee)
08:54 < catlee-away> [22:11:40] bhearsum|afk: if you're getting the new code signing certs, I'm pretty sure they're used for XPI hotfixes, and so the public keys need to be included in firefox itself
08:55 < bhearsum|afk> catlee-away: so after getting the new certs, i need to import the public keys into m-c (and backport everywhere, i assume)
08:57 <@catlee> yeah, I guess so
08:57 <@catlee> I think it supports multiple fingerprints
08:58 < bhearsum> ok, i'll look into it
08:58 < bhearsum> thanks!
Comment 4 • 12 years ago (Assignee)
I initiated the purchase for both of these keys today. Current status is "pending", with the following text:
Typical processing time for your SSL Certificate is two business days or less.
At this time, no action is required from you. If there is anything else Thawte needs from your organization, Thawte will send email notification or call, in addition to displaying an alert in this status page.
Does this answer your status question? If not, click here.
I'll be following up tomorrow/Monday if we see no progress.
Comment 5 • 12 years ago (Assignee)
OK, this is almost done now. We have the new certs in hand, and I've installed them onto the signing servers. Nightly builds are already getting signed with the new keys, and the next set of releases will get signed with the new set of release keys.
Last thing to do here is to put the new release key in the NSS keyring and make sure we can do XPI signing with them. I have some minor updates to https://intranet.mozilla.org/RelEngWiki/index.php/Signing#Inventory to do, too.
Comment 6 • 12 years ago (Assignee)
OK, new cert installed everywhere, imported to an NSS keystore, and docs updated.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated • 11 years ago
Product: mozilla.org → Release Engineering