The existing one expires at the end of the month, and we just purchased a new one. We should get the new SHA1 fingerprint into 16.0.2. It is: CA:C4:7D:BF:63:4D:24:E9:DC:93:07:2F:E3:C8:EA:6D:C3:94:6E:89

Updates the fingerprint, tested against a test add-on that bhearsum provided. We should expect to land this on m-c, aurora and beta channels.

On inbound: https://hg.mozilla.org/integration/mozilla-inbound/rev/697754b0663b

Juan, can you please verify this? It has to do with the hotfix you were testing earlier. It should be fixed for Firefox 19.0a1 Nightly.

Verified on latest Nightly on Windows XP. The fingerprint value now matches the one in comment #0.

Comment on attachment 673365 [details] [diff] [review] patch rev 1 This also needs to land on mozilla-esr10 (tip and the FIREFOX_10_0_9esr_RELEASE branch)

(In reply to Alex Keybl [:akeybl] from comment #6) > Comment on attachment 673365 [details] [diff] [review] > patch rev 1 > > This also needs to land on mozilla-esr10 (tip and the > FIREFOX_10_0_9esr_RELEASE branch) FIREFOX_10_0_9esr_RELEASE is a tag. GECKO1009_2012101115_RELBRANCH is the relbranch for that release.

aurora tip: https://hg.mozilla.org/releases/mozilla-aurora/rev/34381986b01d beta tip: https://hg.mozilla.org/releases/mozilla-beta/rev/b2e61264d362 release tip: https://hg.mozilla.org/releases/mozilla-release/rev/774491e9f207 esr tip: https://hg.mozilla.org/releases/mozilla-esr10/rev/0958a6addb41 esr branch GECKO1009_2012101115_RELBRANCH: https://hg.mozilla.org/releases/mozilla-esr10/rev/cb285a728179

Juan, can you please verify tomorrow's Aurora and 17.0b3 builds are fixed?

(In reply to Ben Hearsum [:bhearsum] from comment #0) > The existing one expires at the end of the month That's probably cutting it a little fine, we know some people are more than a month behind on updates. Would we never issue an add-on hotfix to people who aren't fully up to date? It might be better to have two acceptable certs with overlapping validity periods

(In reply to Daniel Veditz [:dveditz] from comment #10) > (In reply to Ben Hearsum [:bhearsum] from comment #0) > > The existing one expires at the end of the month > > That's probably cutting it a little fine, we know some people are more than > a month behind on updates. Would we never issue an add-on hotfix to people > who aren't fully up to date? It might be better to have two acceptable certs > with overlapping validity periods Bug 803596 for hotfixing the older users (resolved/fixed already), and we're discussing overlap in email.

I verified this on Aurora where the extension.hotfix.certs.1.sha1Fingerprint has the new value. I checked across Windows, Mac and Linux. Beta however does not seem to have the fix. The value of the fingerprint is the same as before. Did the fix actually land in time before the builds were kicked off?

In reply to comment #11: > Bug 803596 for hotfixing the older users heh, forgot we could use the hotfix add-on to hotfix the hotfix cert :-)

Also verified on 16.0.2 and 10.0.10 ESR build candidates across operating systems.

Juan, now that we have 17b4 candidates, can you please verify this on beta?

Verified on Fx17b4(build1) candidates.

Thanks Juan, we'll want one last verification against Firefox 17 ESR when we have builds in a couple weeks.

Juan, can you check this against our 17esr candidates? ftp://ftp.mozilla.org/pub/firefox/nightly/17.0esr-candidates/build1/

Verified on ESR candidates across OSs using en-US and one locale.