March 2016 CA Communication

ACTION #5: Review the root certificates that you currently have included in Mozilla's CA Certificate Program, and let us know whether any of them can now be removed or could be removed in the next year and, if so, when. For instance, if you have old root certificates that are being replaced by newer root certificates, indicate when you expect to finish migrating your customers to the new root certificates. Provide the Subject/Issuer Field, SHA-1 Fingerprint, and SHA-256 Fingerprint of each root certificate that may be removed, and the date when the root certificate may be removed.

CA Owner | Response
AC Camerfirma, S.A. | Chambers of Commerce Root will be fully migrated to Chambers of Commerce Root - 2016 by 2020. Chambers of Commerce Root - 2008 will be fully migrated to Chambers of Commerce Root - 2016 by 2020. Global Chambersign Root will be fully migrated to Global Chambersign Root - 2016 by 2020. Global Chambersign Root - 2008 will be fully migrated to Global Chambersign Root - 2016 by 2020.
Buypass | Issuer: CN = Buypass Class 2 CA 1, O = Buypass AS-983163327, C = NO; Subject: CN = Buypass Class 2 CA 1, O = Buypass AS-983163327, C = NO; SHA-1 Fingerprint: a0a1ab90c9fc847b3b1261e8977d5fd32261d3cc; SHA-256 Fingerprint: 0f4e9cdd264b025550d170806340214fe94434c9b02f697ec710fc5feafb5e38; Date: 10/13/2016
Certicámara | We have the following root: CN = AC Raíz Certicámara S.A., O = Sociedad Cameral de Certificación Digital - Certicámara S.A., C = CO. But we plan to create a new one with SHA2 in May 2016; we should finish migrating all users in December 2018.
Government of France (ANSSI, DCSSI) | The migration to new certificates will be effective on December 31st 2016. Only the root certificate (IGC/A, registered in the Mozilla Firefox browser) will be removed from Mozilla's CA Certificate Program.
Government of Japan, Ministry of Internal Affairs and Communications | Currently, we are migrating from SHA-1 to SHA-2. Estimated completion date is 2017-3-31.
Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) | Yes, we have an old root CA that could be removed in January 2017 (finish migration). The certificate data are: Subject: CN = Root CA Generalitat Valenciana, OU = PKIGVA, O = Generalitat Valenciana, C = ES; SHA1 Fingerprint: A0:73:E5:C5:BD:43:61:0D:86:4C:21:13:0A:85:58:57:CC:9C:EA:46; SHA256 Fingerprint: 8C:4E:DF:D0:43:48:F3:22:96:9E:7E:29:A4:CD:4D:CA:00:46:55:06:1C:16:E1:B0:76:42:2E:F3:42:AD:63:0E
Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) | We have one root certificate called "TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3" included in Mozilla's CA Certificate Program. It has an expiry date of 21.08.2017. Nowadays, we have a new root request with Bug Report #1262809.
HARICA | HARICA expects the two ROOT CAs issued in 2015 and approved by Mozilla to be propagated to Application Software Suppliers. This process is not under HARICA's control. As soon as the new Roots are propagated, the current Root (2011) will be phased out. When all end-entity certificates expire or become revoked, the old Root will be decommissioned.
IdenTrust Services, LLC | CN = DST ACES CA X6, OU = DST ACES, O = Digital Signature Trust, C = US; Removal date: After November 21, 2017; SHA-1 Fingerprint: 40:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D; SHA-256 Fingerprint: 76:7C:95:5A:76:41:2C:89:AF:68:8E:90:A1:C7:0F:55:6C:FD:6B:60:25:DB:EA:10:41:6D:7E:B6:83:1F:8C:40
SK ID Solutions AS | Subject/Issuer field: CN=Juur-SK, O=AS Sertifitseerimiskeskus, C=EE; SHA-1 Fingerprint: 409D 4BD9 17B5 5C27 B69B 64CB 9822 440D CD09 B889; SHA-256: ecc3e9c3407503bee091aa952f41348ff88baa863b2264befac807901574e939. The root certificate can be removed after 08/26/2016.
SwissSign AG | When the new G3 certificates are included, we estimate a 3-year period until we can remove the old SHA1-based Root certificates. We will inform you in advance as soon as we have fixed this date.
Symantec | None for now
Telia Company (formerly TeliaSonera) | We have finished the migration from Sonera Class1 CA and closed it. It can now be removed from trusted roots. Its SHA1 fingerprint is 07 47 22 01 99 ce 74 b9 7c b0 3d 79 b2 64 a2 c8 55 e9 33 ff. Its subject is CN = Sonera Class1 CA, O = Sonera, C = FI
Wells Fargo Bank N.A. | None at this time, but we will be decommissioning our WellsSecure Public Root eventually once all issued end-entity certificates expire. We will notify Mozilla about this sometime in 2017.