by rndgermandude 2607 days ago
The problem with this approach is that the expired certificate is part of the add-on package files (META-INF/mozilla.rsa; DER encoded PKCS7), not something that you can just swap out on some server. You have to replace the certificate in the add-on packages with the new cert, even if the new one reuses the keys of the old one. At which point you need to ship new add-on package files to users anyway, so key reuse or not makes no difference anymore.
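Added example, not part of the comment above and not Mozilla's tooling: a standard-library Python sketch that reads the expiry (`notAfter`) of each certificate embedded in a package's `META-INF/mozilla.rsa`, showing that the date lives inside the package file itself. The `tlvs`, `cert_expiries`, `_der` and `sample_xpi` helpers and every sample value are constructed for illustration; the sample is a structural skeleton, not a validly signed package.

```python
import io, zipfile
from datetime import datetime, timezone

def tlvs(buf):
    """Yield (tag, value) for each definite-length DER element in buf."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                      # long form: low 7 bits = number of length bytes
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        yield tag, buf[i:i + n]
        i += n

def cert_expiries(xpi_bytes, member="META-INF/mozilla.rsa"):
    """Return notAfter of every certificate carried in the package signature."""
    der = zipfile.ZipFile(io.BytesIO(xpi_bytes)).read(member)
    (_, content_info), = tlvs(der)                    # ContentInfo SEQUENCE
    _oid, (_, explicit0) = tlvs(content_info)         # contentType, [0] content
    (_, signed_data), = tlvs(explicit0)               # SignedData SEQUENCE
    certs = next(v for t, v in tlvs(signed_data) if t == 0xA0)   # [0] certificates
    out = []
    for _, cert in tlvs(certs):
        _, tbs = next(tlvs(cert))                     # tbsCertificate
        fields = [f for f in tlvs(tbs) if f[0] != 0xA0]   # skip optional [0] version
        _not_before, (tag, na) = tlvs(fields[3][1])   # serial, sigAlg, issuer, validity
        s = na.decode()
        if tag == 0x17:                               # UTCTime: 50-99 -> 19xx, 00-49 -> 20xx
            s = ("19" if s[:2] >= "50" else "20") + s
        out.append(datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc))
    return out

def _der(tag, *parts):                                # sample elements stay under 128 bytes
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)

def sample_xpi(not_after=b"250314225300Z"):           # constructed skeleton, not a real signature
    validity = _der(0x30, _der(0x17, b"150317225300Z"), _der(0x17, not_after))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")), _der(0x02, b"\x01"),
               _der(0x30), _der(0x30), validity, _der(0x30), _der(0x30))
    cert = _der(0x30, tbs, _der(0x30), _der(0x03, b"\x00"))
    signed = _der(0x30, _der(0x02, b"\x01"), _der(0x31), _der(0x30),
                  _der(0xA0, cert), _der(0x31))
    p7 = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010702")), _der(0xA0, signed))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("manifest.json", "{}")
        z.writestr("META-INF/mozilla.rsa", p7)
    return buf.getvalue()

if __name__ == "__main__":
    print(cert_expiries(sample_xpi()))
```

Because the validity period is read out of the archive member, a certificate with a later `notAfter` yields different package bytes even when nothing else in the add-on changes.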