Yes, you are right. I'm afraid we are using ipsCA certs, and using the
'updated' certs (that is, those that have not expired) are still not
trusted by Firefox. Or Opera or Safari. They are trusted by IE7.
Haven't tested IE6.
Godmar Back wrote:
> in my role as unpaid tech advisor for our local library, may I ask a
> question about the ipsCA issue?
> Is my understanding correct that ipsCA currently reissues certificates 
> signed with a root CA that is not yet in Mozilla products, due to IPS's
> delaying the necessary vetting process ? In other words, Mozilla users
> would see security warnings even if a reissued certificate was used?
> The reason I'm confused is that I, like David, saw a number of still valid
> certificates from "IPS Internet publishing Services s.l." already shipping
> with Firefox, alongside the now-expired certificate. But I suppose those
> certificates are for something else and the reissued certificates won't be
> signed using them?
> - Godmar
>  https://bugzilla.mozilla.org/show_bug.cgi?id=529286
>  http://certs.ipsca.com/Support/hierarchy-ipsca.asp
> On Thu, Dec 17, 2009 at 4:02 PM, John Wynstra <[log in to unmask]> wrote:
>> Out of curiosity, did anyone else using ipsCA certs receive notification
>> that due to the coming expiration of their root CA (December 29,2009), they
>> would need a reissued cert under a new root CA?
>> I am uncertain as to how this new Root CA will become a part of the
>> browsers trusted roots without some type of user action including a software
>> upgrade, but the following library website instructions lead me to believe
>> that this is not going to be smooth. http://bit.ly/53Npel
>> We are just about to go live with EZProxy in January with an ipsCA cert
>> issued a few months ago, and I am not about to do that if I have serious
>> browser support issue.
>> John Wynstra
>> Library Information Systems Specialist
>> Rod Library
>> University of Northern Iowa
>> Cedar Falls, IA 50613
>> [log in to unmask]