Closed
Bug 1155275
Opened 9 years ago
Closed 9 years ago
Add the CA : Might Espace SSL
Categories
(Firefox :: Security, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 1148786
People
(Reporter: kacymimo, Unassigned)
Details
Attachments
(1 file)
1.29 KB,
application/x-x509-ca-cert
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0 Build ID: 20150402191859 Steps to reproduce: Name : Might Espace SSL Url : No URL in the certificate Organism type : A future society Users : Society,Persons The CA need to be include in Mozilla Products because, example : The MECloud using this CA,or a Game using this CA, Products needing SSL Security. (Personnal note : Sorry for my bad english..., im French)
Reporter | ||
Updated•9 years ago
|
Alias: add-a-new-ca
Component: Untriaged → Security
OS: Windows 7 → All
Hardware: x86_64 → All
Comment 1•9 years ago
|
||
The CA should submit itself into the root store, and there are formal requirements for this. More details are here: https://wiki.mozilla.org/CA:Overview#How_to_Apply_for_Root_Inclusion_or_Changes Assuming you are a user of products that use their certificates, you should contact the CA (or ask the products to use an alternative CA and/or for the products to contact the CA) so that it applies for inclusion. We can't just add random certificates that people upload to a bug to everybody's copy of Firefox. :-)
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
Reporter | ||
Comment 2•9 years ago
|
||
Yes, im using my CA, because, not only me, TheTarknessGames (https://thetarknessgames.cf), Firbbo Organisation (not HTTPS today), MECloud (https://cloud.might-espace.cf/), and it's really my CA, i have send 2 requests on BugZilla.
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
Comment 3•9 years ago
|
||
Please follow the instructions Kathleen gave you in bug 1148786 comment 1.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago → 9 years ago
Resolution: --- → DUPLICATE
Updated•9 years ago
|
Status: RESOLVED → VERIFIED
Reporter | ||
Comment 4•9 years ago
|
||
I have followed the instructions of Kathleen.... what is the problem?
Updated•9 years ago
|
Alias: add-a-new-ca
Reporter | ||
Comment 5•9 years ago
|
||
I have followed the instructions of Kathleen.... what is the problem?
Flags: needinfo?(gijskruitbosch+bugs)
Comment 6•9 years ago
|
||
(In reply to Kacy Luzzardi from comment #5) > I have followed the instructions of Kathleen.... what is the problem? Did the instructions say to file a security-sensitive bug in Firefox::Security? I doubt it... Kathleen?
Flags: needinfo?(gijskruitbosch+bugs) → needinfo?(kwilson)
Comment 7•9 years ago
|
||
(In reply to :Gijs Kruitbosch from comment #6) > (In reply to Kacy Luzzardi from comment #5) > > I have followed the instructions of Kathleen.... what is the problem? > > Did the instructions say to file a security-sensitive bug in > Firefox::Security? No. https://wiki.mozilla.org/CA:How_to_apply#Creation_and_submission_of_the_root_CA_certificate_inclusion_request "2. Once you are ready, formally submit your request using the Mozilla project's Bugzilla issue tracking system: ... Create a new bug report corresponding to your request. The link just given will fill in many the multiple-choice fields correctly, and add templated text ... If the link to create a bug report does not work for you, then follow the instructions in CA Information Template to manually create the bug and set the appropriate fields. Do NOT select "Restricted Visibility" or "Role Visibility". All information that is submitted for Root Inclusion requests must be publicly available. https://wiki.mozilla.org/CA:Information_template "There is a link on the How_to_apply page that will automatically create the bug to request root inclusion, with all of the appropriate fields filled in and with a template in the bug description field. Using the link, a bug will be created with the following fields set: Product: mozilla.org Component: CA Certificates Version: Other Severity: enhancement Platform: All OS: All Summary: Add [your CA's name] root certificate(s) Description: [see below]" Anyways, as I said in Bug #1148786 Please read the following: https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates#CAs_included_in_Firefox https://wiki.mozilla.org/CA:How_to_apply https://wiki.mozilla.org/CA In particular please start with https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates#CAs_included_in_Firefox "If your certificates will only be used to verify one domain (e.g. *.yourcompany.com) but you want others outside of your organization to be able to browse to your website using https without having to manually import a root certificate, then you can get an SSL certificate from one of the CAs who already have a root certificate included in the major browsers." and https://wiki.mozilla.org/CA:How_to_apply#Applying_for_root_inclusion_in_Mozilla_products "IMPORTANT Items to Note: - The information listed in CA Information Checklist is expected to be publicly available so that it can be reviewed and referenced during the Public Discussion Phase and for future reference. - Having a root included in NSS is not a one-time effort. After a CA has a root included in NSS, it is expected that the CA will continue to be aware of ongoing discussions and updates to the Mozilla CA Certificate Policy. The CA is required to send regular updated audits to Mozilla. The CA is required to update their policies as the Mozilla CA Certificate Policy is updated. - According to the Mozilla CA Certificate Policy: "We will determine which CA certificates are included in software products distributed through mozilla.org, based on the benefits and risks of such inclusion to typical users of those products." and "We require that all CAs whose certificates are distributed with our software product ... provide some service relevant to typical users of our software products" It is the CAs responsibility to explain why their root needs to be included in NSS and explain how the inclusion will benefit typical Mozilla users." If you believe that direct inclusion of your CA certificate will benefit a significant number of typical users, then please proceed by getting the appropriate audits according to sections 11 through 14 of https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ Then file a new Bugzilla bug as described on the CA:How_to_apply wiki page, and provide all of the required information as listed here: https://wiki.mozilla.org/CA:Information_checklist Thanks, Kathleen
Flags: needinfo?(kwilson)
You need to log in
before you can comment on or make changes to this bug.
Description
•