I think you are correct. I and another library went and got a re-issued cert from ipsCA, stuck it in ezproxy, and found that Firefox as well as opera gave a security warning. (Actually, Opera never did work with the old ipsCA cert either.)
There is also correspondence between Mozilla and ipsCA, culminating in a note that Mozilla won't be activating the ipsCA cert, since they are past the deadline.
I was interested from the language that there seemed to be a way of activating certs rather than just putting them in there; perhaps you are seeing "inactive" certs from ipsCA?
From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of Godmar Back
Sent: Monday, January 04, 2010 2:52 PM
To: [log in to unmask]
Subject: Re: [CODE4LIB] ipsCA Certs
in my role as unpaid tech advisor for our local library, may I ask a
question about the ipsCA issue?
Is my understanding correct that ipsCA currently reissues certificates 
signed with a root CA that is not yet in Mozilla products, due to IPS's
delaying the necessary vetting process ? In other words, Mozilla users
would see security warnings even if a reissued certificate was used?
The reason I'm confused is that I, like David, saw a number of still valid
certificates from "IPS Internet publishing Services s.l." already shipping
with Firefox, alongside the now-expired certificate. But I suppose those
certificates are for something else and the reissued certificates won't be
signed using them?
On Thu, Dec 17, 2009 at 4:02 PM, John Wynstra <[log in to unmask]> wrote:
> Out of curiosity, did anyone else using ipsCA certs receive notification
> that due to the coming expiration of their root CA (December 29,2009), they
> would need a reissued cert under a new root CA?
> I am uncertain as to how this new Root CA will become a part of the
> browsers trusted roots without some type of user action including a software
> upgrade, but the following library website instructions lead me to believe
> that this is not going to be smooth. http://bit.ly/53Npel
> We are just about to go live with EZProxy in January with an ipsCA cert
> issued a few months ago, and I am not about to do that if I have serious
> browser support issue.
> John Wynstra
> Library Information Systems Specialist
> Rod Library
> University of Northern Iowa
> Cedar Falls, IA 50613
> [log in to unmask]