
Unknown root certificate found in Firefox

It seems that Firefox contains an unknown root certificate that nobody seems to know anything about.
Written by Adrian Kingsley-Hughes, Senior Contributing Editor


I propose that the "RSA Security 1024 V3" root certificate authority be removed from NSS.

OU = RSA Security 1024 V3
O = RSA Security Inc
Valid From: 2/22/01
Valid To: 2/22/26
SHA1 Fingerprint: 3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76

I have not been able to find the current owner of this root. Both RSA and VeriSign have stated in email that they do not own this root.

Therefore, to my knowledge this root has no current owner and no current audit, and should be removed from NSS.

Further information is provided in a bug report:

I have exchanged email with both RSA and VeriSign, and both have stated that they do not own the "RSA Security 1024 V3" root certificate.

This is a significant security issue because digital certificates rely on a chain of trust, and the trust anchor for that chain is the root certificate authority (CA). Specifically, web browsers use root certificates to verify the identities presented for secure web connections. Users, however, have to rely on the browser publisher to make sure that these root certificates are valid. The fact that Firefox contains a root certificate whose current owner is unknown (at this time, at any rate) is a little worrying.

Trust no one ...
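To check whether a trust store still carries this root, one approach is to fingerprint every certificate in a PEM export of the store and compare against the SHA-1 value quoted above. The following is an added example, not code from the article or from Mozilla; the function names and the sample bundle (placeholder bytes, not real certificates) are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import re

# SHA-1 fingerprint quoted in the article for the "RSA Security 1024 V3" root.
WATCHLIST = {
    "3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76": "RSA Security 1024 V3",
}
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

def normalize(fp):
    """Reduce 'aa:bb', 'AA BB' or 'aabb' to bare uppercase hex for comparison."""
    return re.sub(r"[^0-9A-Fa-f]", "", fp).upper()

def sha1_fingerprints(pem_text):
    """Yield (position, fingerprint) for every certificate block in a PEM bundle.
    A fingerprint is the hash of the DER encoding, so no ASN.1 parsing is needed."""
    for pos, match in enumerate(PEM_BLOCK.finditer(pem_text)):
        try:
            der = base64.b64decode("".join(match.group(1).split()), validate=True)
        except binascii.Error:
            continue  # skip a damaged block rather than abort the audit
        yield pos, hashlib.sha1(der).hexdigest().upper()

def find_watched_roots(pem_text, watchlist=WATCHLIST):
    """Return [(position, label)] for bundle entries whose fingerprint is watched."""
    wanted = {normalize(fp): label for fp, label in watchlist.items()}
    return [(pos, wanted[fp]) for pos, fp in sha1_fingerprints(pem_text) if fp in wanted]

def to_pem(der):
    """Wrap raw bytes as a PEM certificate block (only used to build the sample)."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed sample: placeholder bytes standing in for DER certificates, not real roots.
FAKE_A = b"constructed placeholder certificate A " * 4
FAKE_B = b"constructed placeholder certificate B " * 4
DAMAGED = "-----BEGIN CERTIFICATE-----\n!!bad!!\n-----END CERTIFICATE-----\n"
SAMPLE_BUNDLE = to_pem(FAKE_A) + DAMAGED + to_pem(FAKE_B)

if __name__ == "__main__":
    fake_b_fp = hashlib.sha1(FAKE_B).hexdigest()
    print(find_watched_roots(SAMPLE_BUNDLE))  # article's root against the sample
    print(find_watched_roots(SAMPLE_BUNDLE, {fake_b_fp: "fake B"}))
```

Run against a real PEM export, any non-empty result from `find_watched_roots` with the default watchlist means the root named in the article is still trusted on that system.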
