Class3 Re-sign - Migration Project May/June 2011

CAcert has embarked on an interim project to re-sign the Class 3 root. The project is inspired by the Mozilla announcement of Dates for Phasing out MD5-based signatures and 1024-bit moduli. Community members from the Software-Assessment Project team and Critical System Administrators team rose to the challenge to prepare, test and implement a class3 re-sign procedure.

The intention is to re-sign the class3 subroot with new sha256, and rollout the certificate. All issued class3 keys are still valid, because the class3 private key is still intact. It is similiar in process and effect to a certificate renewal. All users who uses a class3-issued cert have to replace the class3 subroot certificate in their browser, email client, or server (once only).

Project timeline

Sources where class3 fingerprints needs to be changed

Press Release Distribution List

Prepared Help Page(s)

Class3 Subroot Re-sign project on Software-Assessment Project meeting agendas

Class3 compatibility checklist


Roots/Class3ResignProcedure/Migration (last edited 2011-08-15 09:17:33 by UlrichSchroeter)