I want to let people know that we have submitted ISRG Root X2 (our new ECDSA root) to the Microsoft, Apple, Google, Mozilla, and Oracle root programs for inclusion. This is the first step towards direct trust of our new root. We will let people know when root programs approve inclusion. Note that …

[image] petercooperjr: I don't know what the timeframe is between it appearing in that list and showing up in automatic updates or however the certificates get distributed to the various Microsoft platforms, though. Microsoft says: "The Microsoft Trusted Root Certificate Program releases chan…

I find that MS continues to be extremely lazy and won't show the ISRG Root X2 cert in the trusted store until it has been accessed (at least in my case, directly). I simply opened the cert and it then immediately showed in the trusted store (without any install). https://crt.sh/?d=69729B8E15A86EFC…

Is there any beta test for ISRG Root X2

What do you mean "beta test"? It is in full production already.

My cert is from X3 > R3 > Domain ? I requested ECDSA cert and thats what I got.

For now you have to request be allow-listed for ECDSA, see: [image] ECDSA availability in production environment API Announcements W…

OK, I think I understand you now. I think that any new certs must now be avoiding the soon to be expiring DST Root CA X3. But your browser may still show it (while it is still valid).

Mozilla has started the public discussion phase regarding the inclusion of ISRG Root X2: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/D8coPL0eU3k/m/bE_aRuWxCAAJ This is an important step in Mozillas inclusion process.

The public discussion at Mozilla is over, the current status is "Intent to Approve": https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/D8coPL0eU3k/m/t1JxqeZ8AwAJ

The ISRG Root X2 certificate has been formally accepted by Mozilla, and should appear in the next NSS release. NSS inclusion request: 1738805 - Add ISRG Root X2 root certificate to NSS

ISRG Root X2 Submitted to Root Programs

ISRG/Organizational

hebbet September 13, 2021, 6:51pm 29

For now you have to request be allow-listed for ECDSA, see:

Topic		Replies	Views
ISRG Root X1 added to Firefox for next release ISRG/Organizational	41	9417	June 14, 2020
Get ISRG Root X2 Help	51	4366	June 2, 2022
How do I get the shortest ISRG Root X2 ECDSA chain now Help	31	2271	September 12, 2023
Browser/OS vendors with ISRG root in their root certificate stores ISRG/Organizational	8	6725	May 9, 2019
ISRG Root lazy loading problem + missing from (random) updated Windows 10 versions Help	37	13587	February 4, 2021

ISRG Root X2 Submitted to Root Programs

Related topics