in my role as unpaid tech advisor for our local library, may I ask a
question about the ipsCA issue?

Is my understanding correct that ipsCA currently reissues certificates [1]
signed with a root CA that is not yet in Mozilla products, due to IPS's
delaying the necessary vetting process [2]? In other words, Mozilla users
would see security warnings even if a reissued certificate was used?

The reason I'm confused is that I, like David, saw a number of still valid
certificates from "IPS Internet publishing Services s.l." already shipping
with Firefox, alongside the now-expired certificate. But I suppose those
certificates are for something else and the reissued certificates won't be
signed using them?


 - Godmar


On Thu, Dec 17, 2009 at 4:02 PM, John Wynstra <[log in to unmask]> wrote:

> Out of curiosity, did anyone else using ipsCA certs receive notification
> that due to the coming expiration of their root CA (December 29,2009), they
> would need a reissued cert under a new root CA?
> I am uncertain as to how this new Root CA will become a part of the
> browsers trusted roots without some type of user action including a software
> upgrade, but the following library website instructions lead me to believe
> that this is not going to be smooth.
> We are just about to go live with EZProxy in January with an ipsCA cert
> issued a few months ago, and I am not about to do that if I have serious
> browser support issue.
> --
> <><><><><><><><><><><><><><><><><><><>
> John Wynstra
> Library Information Systems Specialist
> Rod Library
> University of Northern Iowa
> Cedar Falls, IA  50613
> [log in to unmask]
> (319)273-6399
> <><><><><><><><><><><><><><><><><><><>