175651 – Refresh SSL certificate for GlobalSign

Bug 175651 - Refresh SSL certificate for GlobalSign

Summary: Refresh SSL certificate for GlobalSign

Status:	RESOLVED NOT A BUG

Alias:	None

Product:	kio
Classification:	Frameworks and Libraries
Component:	kssl (show other bugs)
Version:	unspecified
Platform:	unspecified Unspecified

Importance:	NOR normal
Target Milestone:	---
Assignee:	Brad Hards

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-11-20 12:46 UTC by Steve Roylance
Modified:	2014-11-07 03:35 UTC (History)
CC List:	4 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Steve Roylance 2008-11-20 12:46:32 UTC

Version:            (using KDE 4.1.3)
Installed from:    Unspecified

GlobalSign has refeshed our 2014 root to expire in 2028 using the same key material as the original 2014 root.    The new Root has the following values:- 

Subject DN
  CN = GlobalSign Root CA
  OU = Root CA
  O = GlobalSign nv-sa
  C = BE
Serial Number
‎  04 00 00 00 00 01 15 4b 5a c3 94
Subject KeyID
  60 7b 66 1a 45 0d 97 ca 89 50 2f 7d 04 cd 34 a8 ff fc fd 4b
Validity time
  Valid from 	: 01 September 1998 12:00:00
  Valid to 	: 28 January 2028 12:00:00
Fingerprints
  SHA1 	= B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
  MD5 	= 3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A
URI to online CRL repository 
  http://crl.globalsign.net/Root.crl  
URI to online location of the root 
  http://secure.globalsign.net/cacert/Root-R1.crt 

Prior to replacing the 2014 compatability needs to be checked to ensure that the 2028 expiry root does not cause any problems on servers that return the 2014 root by default.  This depends on the logic within KDE to verify the certificate attributes.

PREVIOUS BUG TO ADD 2021 WAS 140249

Comment 1 Steve Roylance 2009-10-20 15:51:26 UTC

Hi Everyone.

I pinged Christophe a couple of times through the year, however as this bug has not progressed therefore I want to add our next root detail at the same time.  It means we'll end up with 3 roots in the store.

All roots is primarily suitable for Server and Client Authentication, Secure e-mail, Code Signing and Timestamping, however the root itself is marked for all issuance policies and therefore can also be used for OCSP, Encrypting File System, IP Sec (Tunnel, User) and CA Encryption Certificate purposes.  All legal documents are located in the repository.  
http://www.globalsign.com/repository/index.cfm.

Common items:-

Key extensions 
•	basicConstraints: CA: true
•	keyUsage: keyCertSign, cRLSign

GlobalSign Root CA R1  (Revision 1)
======================================================================
Subject DN
   CN = GlobalSign Root CA
   OU = Root CA
   O = GlobalSign nv-sa
   C = BE
Signature Algorithum
   Sha1WithRSAEncryption
Serial Number
   ‎04 00 00 00 00 01 15 4b 5a c3 94
Subject KeyID
   60 7b 66 1a 45 0d 97 ca 89 50 2f 7d 04 cd 34 a8 ff fc fd 4b
Validity time
   Valid from 	: 01 September 1998 12:00:00
   Valid to 	: 28 January 2028 12:00:00
Fingerprints
   SHA1 	= B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
   MD5 	= 3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A
URI to online CRL repository 
   http://crl.globalsign.net/Root.crl
URI to online location of the root 
   http://secure.globalsign.net/cacert/Root-R1.crt 
URI to online location of test
   https://2028.globalsign.com

GlobalSign Root CA R2 (Revision 2)
=========================================================================
Signature Algorithum
   Sha1WithRSAEncryption
Subject DN
   CN = GlobalSign
   O = GlobalSign
   OU = GlobalSign Root CA - R2
Subject KeyID
   9b e2 07 57 67 1c 1e c0 6a 06 de 59 b4 9a 2d df dc 19 86 2e
Serial Number
   ‎04 00 00 00 00 01 0f 86 26 e6 0d
Validity time
   Valid from 	: 15 December 2006 08:00:00
   Valid to 	: 15 December 2021 08:00:00
Fingerprints
   SHA1 	= 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE 
   MD5 	= 94:14:77:7E:3E:5E:FD:8F:30:BD:41:B0:CF:E7:D0:30 
URI to online CRL repository 
   http://crl.globalsign.net/Root-r2.crl  
URI to online location of the root 
   http://secure.globalsign.net/cacert/Root-R2.crt 
URI to online location of test
   https://2021.globalsign.com

GlobalSign Root CA R3  (Revision 3)
=========================================================================
Signature Algorithum
   sha256WithRSAEncryption
Subject DN
   CN = GlobalSign
   O = GlobalSign
   OU = GlobalSign Root CA – R3
Serial Number
   ‎‎04 00 00 00 00 01 21 58 53 08 A2
Subject KeyID
   8f f0 4b 7f a8 2e 45 24 ae 4d 50 fa 63 9a 8b de e2 dd 1b bc
Validity time
   Valid from 	: 18th March 2009 10:00:00
   Valid to 	: 18th March 2029 10:00:00
Fingerprints
   SHA1 	= D6 9B 56 11 48 F0 1C 77 C5 45 78 C1 09 26 DF 5B 85 69 76 AD
   MD5 	= C5 DF B8 49 CA 05 13 55 EE 2D BA 1A C3 3E B0 28
URI to online CRL repository 
   http://crl.globalsign.net/Root-r3.crl  (Not yet published)
URI to online location of the root 
   http://secure.globalsign.net/cacert/Root-R3.crt 
URI to online location of test
   https://2029.globalsign.com  (operational from Dec 2009)

Thanks

Comment 2 Brad Hards 2010-03-08 08:01:23 UTC

GlobalSign Root CA R2 (Revision 2) is already in the KDE root store, verified as trusted at https://2021.globalsign.com/

Others to be verified and added.

Comment 3 Brad Hards 2010-03-08 08:43:48 UTC

Steve,

For the 2014 -> 2028 change, can you confirm that you want to make this change:
 X.509 Certificate Information:
        Version: 3
-       Serial Number (hex): 020000000000d678b79405
+       Serial Number (hex): 040000000001154b5ac394
        Issuer: C=BE,O=GlobalSign nv-sa,OU=Root CA,CN=GlobalSign Root CA
        Validity:
                Not Before: Tue Sep 01 12:00:00 UTC 1998
-               Not After: Tue Jan 28 12:00:00 UTC 2014
+               Not After: Fri Jan 28 12:00:00 UTC 2028
        Subject: C=BE,O=GlobalSign nv-sa,OU=Root CA,CN=GlobalSign Root CA
        Subject Public Key Algorithm: RSA
                Modulus (bits 2048):
@@ -2687,41 +2687,41 @@
                Key Usage (critical):
                        Certificate signing.
                        CRL signing.
-               Subject Key Identifier (not critical):
-                       607b661a450d97ca89502f7d04cd34a8fffcfd4b
                Basic Constraints (critical):
                        Certificate Authority (CA): TRUE
-       Signature Algorithm: RSA-MD5
+               Subject Key Identifier (not critical):
+                       607b661a450d97ca89502f7d04cd34a8fffcfd4b
+       Signature Algorithm: RSA-SHA
        Signature:
-               ae:aa:9f:fc:b7:d2:cb:1f:5f:39:29:28:18:9e:34:c9
-               6c:4f:6f:1a:f0:64:a2:70:4a:4f:13:86:9b:60:28:9e
-               e8:81:49:98:7d:0a:bb:e5:b0:9d:3d:36:db:8f:05:51
-               ff:09:31:2a:1f:dd:89:77:9e:0f:2e:6c:95:04:ed:86
-               cb:b4:00:3f:84:02:4d:80:6a:2a:2d:78:0b:ae:6f:2b
-               a2:83:44:83:1f:cd:50:82:4c:24:af:bd:f7:a5:b4:c8
-               5a:0f:f4:e7:47:5e:49:8e:37:96:fe:9a:88:05:3a:d9
-               c0:db:29:87:e6:19:96:47:a7:3a:a6:8c:8b:3c:77:fe
-               46:63:a7:53:da:21:d1:ac:7e:49:a2:4b:e6:c3:67:59
-               2f:b3:8a:0e:bb:2c:bd:a9:aa:42:7c:35:c1:d8:7f:d5
-               a7:31:3a:4e:63:43:39:af:08:b0:61:34:8c:d3:98:a9
-               43:34:f6:0f:87:29:3b:9d:c2:56:58:98:77:c3:f7:1b
-               ac:f6:9d:f8:3e:aa:a7:54:45:f0:f5:f9:d5:31:65:fe
-               6b:58:9c:71:b3:1e:d7:52:ea:32:17:fc:40:60:1d:c9
-               79:24:b2:f6:6c:fd:a8:66:0e:82:dd:98:cb:da:c2:44
-               4f:2e:a0:7b:f2:f7:6b:2c:76:11:84:46:8a:78:a3:e3
+               d6:73:e7:7c:4f:76:d0:8d:bf:ec:ba:a2:be:34:c5:28
+               32:b5:7c:fc:6c:9c:2c:2b:bd:09:9e:53:bf:6b:5e:aa
+               11:48:b6:e5:08:a3:b3:ca:3d:61:4d:d3:46:09:b3:3e
+               c3:a0:e3:63:55:1b:f2:ba:ef:ad:39:e1:43:b9:38:a3
+               e6:2f:8a:26:3b:ef:a0:50:56:f9:c6:0a:fd:38:cd:c4
+               0b:70:51:94:97:98:04:df:c3:5f:94:d5:15:c9:14:41
+               9c:c4:5d:75:64:15:0d:ff:55:30:ec:86:8f:ff:0d:ef
+               2c:b9:63:46:f6:aa:fc:df:bc:69:fd:2e:12:48:64:9a
+               e0:95:f0:a6:ef:29:8f:01:b1:15:b5:0c:1d:a5:fe:69
+               2c:69:24:78:1e:b3:a7:1c:71:62:ee:ca:c8:97:ac:17
+               5d:8a:c2:f8:47:86:6e:2a:c4:56:31:95:d0:67:89:85
+               2b:f9:6c:a6:5d:46:9d:0c:aa:82:e4:99:51:dd:70:b7
+               db:56:3d:61:e4:6a:e1:5c:d6:f6:fe:3d:de:41:cc:07
+               ae:63:52:bf:53:53:f4:2b:e9:c7:fd:b6:f7:82:5f:85
+               d2:41:18:db:81:b3:04:1c:c5:1f:a4:80:6f:15:20:c9
+               de:0c:88:0a:1d:d6:66:55:e2:fc:48:c9:29:26:69:e0
 Other Information:
        MD5 fingerprint:
-               abbfeae36b29a6cca6783599efad2b80
+               3e455215095192e1b75d379fb187298a
        SHA-1 fingerprint:
-               2f173f7de99667afa57af80aa2d1b12fac830338
+               b1bc968bd4f49d622aa89a81f2150152a41d829c
        Public Key Id:
                76c90e915207cfcd7ac1afbd6cc2465c182cae9f
 
 -----BEGIN CERTIFICATE-----
-MIIDdTCCAl2gAwIBAgILAgAAAAAA1ni3lAUwDQYJKoZIhvcNAQEEBQAwVzELMAkG
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
 A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
 b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
-MDBaFw0xNDAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
 YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
 aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
 jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
@@ -2729,14 +2729,14 @@
 1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
 snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
 U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
-9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU
-YHtmGkUNl8qJUC99BM00qP/8/UswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
-AQQFAAOCAQEArqqf/LfSyx9fOSkoGJ40yWxPbxrwZKJwSk8ThptgKJ7ogUmYfQq7
-5bCdPTbbjwVR/wkxKh/diXeeDy5slQTthsu0AD+EAk2AaioteAuubyuig0SDH81Q
-gkwkr733pbTIWg/050deSY43lv6aiAU62cDbKYfmGZZHpzqmjIs8d/5GY6dT2iHR
-rH5Jokvmw2dZL7OKDrssvamqQnw1wdh/1acxOk5jQzmvCLBhNIzTmKlDNPYPhyk7
-ncJWWJh3w/cbrPad+D6qp1RF8PX51TFl/mtYnHGzHtdS6jIX/EBgHcl5JLL2bP2o
-Zg6C3ZjL2sJETy6ge/L3ayx2EYRGinij4w==
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
 -----END CERTIFICATE-----

Comment 4 Brad Hards 2010-03-08 09:40:36 UTC

Steve,

For the GlobalSign Root CA R3, I'm not seeing that in the Mozilla list (http://www.mozilla.org/projects/security/certs/included/#GlobalSign). Looks like it is still pending (https://bugzilla.mozilla.org/show_bug.cgi?id=507360).

I'm also not seeing it in the November 2009 list from Microsoft (from http://support.microsoft.com/kb/931125)

What is the story with that Root?

Brad

Comment 5 Steve Roylance 2010-03-08 12:02:47 UTC

Hi Brad

It's just taking longer for these two.   We missed having a test site for the November submission so it will be in this March edition.   Mozilla is taking a long long time to discuss.

It's in Java, Opera, RIM some mobile platforms in Japan and Apple, so you should be fine.

Look at https://2029.globalsign.com  with Opera for proof.

I'll reply to the other mails later as I need to get a big value quote out ASAP.

Steve

-----Original Message-----
From: bugzilla_noreply@kde.org [mailto:bugzilla_noreply@kde.org] On Behalf Of Brad Hards
Sent: 08 March 2010 08:41
To: steve.roylance@globalsign.com
Subject: [Bug 175651] Refresh SSL certificate for GlobalSign

https://bugs.kde.org/show_bug.cgi?id=175651





--- Comment #4 from Brad Hards <bradh frogmouth net>  2010-03-08 09:40:36 ---
Steve,

For the GlobalSign Root CA R3, I'm not seeing that in the Mozilla list
(http://www.mozilla.org/projects/security/certs/included/#GlobalSign). Looks
like it is still pending (https://bugzilla.mozilla.org/show_bug.cgi?id=507360).

I'm also not seeing it in the November 2009 list from Microsoft (from
http://support.microsoft.com/kb/931125)

What is the story with that Root?

Brad

Comment 6 Steve Roylance 2010-03-08 17:58:39 UTC

Hi Brad,

This is indeed correct.

Steve

-----Original Message-----
From: bugzilla_noreply@kde.org [mailto:bugzilla_noreply@kde.org] On Behalf Of Brad Hards
Sent: 08 March 2010 07:44
To: steve.roylance@globalsign.com
Subject: [Bug 175651] Refresh SSL certificate for GlobalSign

https://bugs.kde.org/show_bug.cgi?id=175651





--- Comment #3 from Brad Hards <bradh frogmouth net>  2010-03-08 08:43:48 ---
Steve,

For the 2014 -> 2028 change, can you confirm that you want to make this change:
 X.509 Certificate Information:
        Version: 3
-       Serial Number (hex): 020000000000d678b79405
+       Serial Number (hex): 040000000001154b5ac394
        Issuer: C=BE,O=GlobalSign nv-sa,OU=Root CA,CN=GlobalSign Root CA
        Validity:
                Not Before: Tue Sep 01 12:00:00 UTC 1998
-               Not After: Tue Jan 28 12:00:00 UTC 2014
+               Not After: Fri Jan 28 12:00:00 UTC 2028
        Subject: C=BE,O=GlobalSign nv-sa,OU=Root CA,CN=GlobalSign Root CA
        Subject Public Key Algorithm: RSA
                Modulus (bits 2048):
@@ -2687,41 +2687,41 @@
                Key Usage (critical):
                        Certificate signing.
                        CRL signing.
-               Subject Key Identifier (not critical):
-                       607b661a450d97ca89502f7d04cd34a8fffcfd4b
                Basic Constraints (critical):
                        Certificate Authority (CA): TRUE
-       Signature Algorithm: RSA-MD5
+               Subject Key Identifier (not critical):
+                       607b661a450d97ca89502f7d04cd34a8fffcfd4b
+       Signature Algorithm: RSA-SHA
        Signature:
-               ae:aa:9f:fc:b7:d2:cb:1f:5f:39:29:28:18:9e:34:c9
-               6c:4f:6f:1a:f0:64:a2:70:4a:4f:13:86:9b:60:28:9e
-               e8:81:49:98:7d:0a:bb:e5:b0:9d:3d:36:db:8f:05:51
-               ff:09:31:2a:1f:dd:89:77:9e:0f:2e:6c:95:04:ed:86
-               cb:b4:00:3f:84:02:4d:80:6a:2a:2d:78:0b:ae:6f:2b
-               a2:83:44:83:1f:cd:50:82:4c:24:af:bd:f7:a5:b4:c8
-               5a:0f:f4:e7:47:5e:49:8e:37:96:fe:9a:88:05:3a:d9
-               c0:db:29:87:e6:19:96:47:a7:3a:a6:8c:8b:3c:77:fe
-               46:63:a7:53:da:21:d1:ac:7e:49:a2:4b:e6:c3:67:59
-               2f:b3:8a:0e:bb:2c:bd:a9:aa:42:7c:35:c1:d8:7f:d5
-               a7:31:3a:4e:63:43:39:af:08:b0:61:34:8c:d3:98:a9
-               43:34:f6:0f:87:29:3b:9d:c2:56:58:98:77:c3:f7:1b
-               ac:f6:9d:f8:3e:aa:a7:54:45:f0:f5:f9:d5:31:65:fe
-               6b:58:9c:71:b3:1e:d7:52:ea:32:17:fc:40:60:1d:c9
-               79:24:b2:f6:6c:fd:a8:66:0e:82:dd:98:cb:da:c2:44
-               4f:2e:a0:7b:f2:f7:6b:2c:76:11:84:46:8a:78:a3:e3
+               d6:73:e7:7c:4f:76:d0:8d:bf:ec:ba:a2:be:34:c5:28
+               32:b5:7c:fc:6c:9c:2c:2b:bd:09:9e:53:bf:6b:5e:aa
+               11:48:b6:e5:08:a3:b3:ca:3d:61:4d:d3:46:09:b3:3e
+               c3:a0:e3:63:55:1b:f2:ba:ef:ad:39:e1:43:b9:38:a3
+               e6:2f:8a:26:3b:ef:a0:50:56:f9:c6:0a:fd:38:cd:c4
+               0b:70:51:94:97:98:04:df:c3:5f:94:d5:15:c9:14:41
+               9c:c4:5d:75:64:15:0d:ff:55:30:ec:86:8f:ff:0d:ef
+               2c:b9:63:46:f6:aa:fc:df:bc:69:fd:2e:12:48:64:9a
+               e0:95:f0:a6:ef:29:8f:01:b1:15:b5:0c:1d:a5:fe:69
+               2c:69:24:78:1e:b3:a7:1c:71:62:ee:ca:c8:97:ac:17
+               5d:8a:c2:f8:47:86:6e:2a:c4:56:31:95:d0:67:89:85
+               2b:f9:6c:a6:5d:46:9d:0c:aa:82:e4:99:51:dd:70:b7
+               db:56:3d:61:e4:6a:e1:5c:d6:f6:fe:3d:de:41:cc:07
+               ae:63:52:bf:53:53:f4:2b:e9:c7:fd:b6:f7:82:5f:85
+               d2:41:18:db:81:b3:04:1c:c5:1f:a4:80:6f:15:20:c9
+               de:0c:88:0a:1d:d6:66:55:e2:fc:48:c9:29:26:69:e0
 Other Information:
        MD5 fingerprint:
-               abbfeae36b29a6cca6783599efad2b80
+               3e455215095192e1b75d379fb187298a
        SHA-1 fingerprint:
-               2f173f7de99667afa57af80aa2d1b12fac830338
+               b1bc968bd4f49d622aa89a81f2150152a41d829c
        Public Key Id:
                76c90e915207cfcd7ac1afbd6cc2465c182cae9f

 -----BEGIN CERTIFICATE-----
-MIIDdTCCAl2gAwIBAgILAgAAAAAA1ni3lAUwDQYJKoZIhvcNAQEEBQAwVzELMAkG
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
 A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
 b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
-MDBaFw0xNDAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
 YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
 aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
 jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
@@ -2729,14 +2729,14 @@
 1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
 snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
 U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
-9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU
-YHtmGkUNl8qJUC99BM00qP/8/UswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
-AQQFAAOCAQEArqqf/LfSyx9fOSkoGJ40yWxPbxrwZKJwSk8ThptgKJ7ogUmYfQq7
-5bCdPTbbjwVR/wkxKh/diXeeDy5slQTthsu0AD+EAk2AaioteAuubyuig0SDH81Q
-gkwkr733pbTIWg/050deSY43lv6aiAU62cDbKYfmGZZHpzqmjIs8d/5GY6dT2iHR
-rH5Jokvmw2dZL7OKDrssvamqQnw1wdh/1acxOk5jQzmvCLBhNIzTmKlDNPYPhyk7
-ncJWWJh3w/cbrPad+D6qp1RF8PX51TFl/mtYnHGzHtdS6jIX/EBgHcl5JLL2bP2o
-Zg6C3ZjL2sJETy6ge/L3ayx2EYRGinij4w==
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
 -----END CERTIFICATE-----

Comment 7 Brad Hards 2010-03-10 05:45:58 UTC

SVN commit 1101476 by bhards:

Update Globalsign 2014 root for new expiry date (2028)

CCBUG:175651


 M  +10 -10    caroot/ca-bundle.crt  
 A             globalsign-root-r1.pem  
 M  +1 -1      ksslcalist  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1101476

Comment 8 Brad Hards 2010-03-10 05:48:18 UTC

The R3 ("2029") root is pending approval in Mozilla or IE.

Comment 9 Steve Roylance 2010-12-03 14:17:27 UTC

Mozilla and IE now have the R3 root.    Mozilla from mid 2010 and Firefox in version 3.6.12.    

Please let me know if you need anything else from me.

You should have R1, R2 and R3
http://secure.globalsign.net/cacert/Root-R1.crt
http://secure.globalsign.net/cacert/Root-R2.crt
http://secure.globalsign.net/cacert/Root-R3.crt

Steve

Comment 10 Dawit Alemayehu 2014-11-07 03:35:25 UTC

KDE now uses Qt for SSL and Qt relies on system certificates so this is no longer necessary or applicable since the cacertificate bundle contains the afforementioned certs.