Closed
Bug 1196376
Opened 9 years ago
Closed 8 years ago
Enable Email and Code Signing trust bits for AffirmTrust roots
Categories
(CA Program :: CA Certificate Root Program, task)
CA Program
CA Certificate Root Program
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: kirk_hall, Assigned: kathleen.a.wilson)
Details
(Whiteboard: Information incomplete)
Attachments
(2 files)
AffirmTrust filed Bug 543639 requesting the inclusion of the following four roots in the Mozilla root store in February 2010. AffirmTrust Commercial AffirmTrust Networking AffirmTrust Premium AffirmTrust Premium ECC https://bugzilla.mozilla.org/show_bug.cgi?id=543639 The four roots were approved in February 2011. Because AffirmTrust planned to start with SSL server certs and was not then planning to issue Email (S/MIME or Client) certs or code signing certs at that time, the Email and Code Signing trust bits were not turned on. Trend Micro has successfully issued SSL certs since 2011, and has passed the WebTrust, Extended Validation WebTrust, and Baseline Requirements WebTrust audits multiple times since 2010. AffirmTrust was acquired by Trend Micro in August 2011, and the same principals from AffirmTrust are now running Trend Micro’s trust service operations using the AffirmTrust roots. Trend Micro would like to begin offering email and code signing certs from its roots, so now is applying for Mozilla to turn on the Email and Code Signing trust bits for the four AffirmTrust roots. In support of this application, we offer the following attachments. Trend Micro Certification Practices Statement, Version 2.1 (effective August 12, 2015). See especially Sections 3.2.2.3 (Code Signing) and 3.2.2.4 (Email or Client Certs). The CPS can be viewed here: http://www.trendmicro.com/cloud-content/us/pdfs/business/reports/trend-micro-cps-v2_1-effective-12-august-2015.pdf Test Email Cert (uploaded) Successful WebTrust for CAs Audit covering the most recent audit period April 1, 2014 – March 31, 2015 http://www.trendmicro.com/cloud-content/us/pdfs/business/reports/trend_micro_2014-15_webtrust_report.pdf Successful Extended Validation (EV) WebTrust Audit covering the most recent audit period April 1, 2014 – March 31, 2015 http://www.trendmicro.com/cloud-content/us/pdfs/business/reports/trend_micro_2014-15_ev_webtrust_report.pdf Successful Baseline Requirements (BR) WebTrust Audit covering the most recent audit period April 1, 2014 – March 31, 2015 http://www.trendmicro.com/cloud-content/us/pdfs/business/reports/trend_micro_2014-15_br_webtrust_report.pdf You can validate the three WebTrust audits via the three secure WebTrust seals by clicking on the seals here: http://www.trendmicro.com/us/enterprise/cloud-solutions/deep-security/ssl-certificates/#resources We will be happy to provide additional information as needed. Kirk Hall Operations Director, Trust Services Trend Micro, Inc.
|
Assignee | |
Comment 1•9 years ago
|
||
I will try to start the Information Verification phase soon. https://wiki.mozilla.org/CA:How_to_apply#Information_Verification
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
|
Assignee | |
Updated•9 years ago
|
Whiteboard: Information incomplete
|
|
Assignee | |
Comment 2•9 years ago
|
||
I have entered the information for this request into Salesforce. Please review the attached document to make sure it is accurate and complete, and comment in this bug to provide corrections and the additional requested information.
|
|
Assignee | |
Comment 3•9 years ago
|
||
Update regarding the EV testing (https://wiki.mozilla.org/PSM:EV_Testing_Easy_Version) of the Premium ECC cert, I received this from the developer who maintains the EV Test: "Regarding the error that is being returned: "As far as I can tell, premiumecc.affirmtrust.com:4433 is resetting any connections made from cert-checker.allizom.org (running locally, it works for me, although it looks like the intermediate is missing its OCSP URL). So, I think the problem is on their end."
(In reply to Kathleen Wilson from comment #3) > Update regarding the EV testing > (https://wiki.mozilla.org/PSM:EV_Testing_Easy_Version) of the Premium ECC > cert, I received this from the developer who maintains the EV Test: > "Regarding the error that is being returned: "As far as I can tell, > premiumecc.affirmtrust.com:4433 is resetting any connections made from > cert-checker.allizom.org (running locally, it works for me, although it > looks like the intermediate is missing its OCSP URL). So, I think the > problem is on their end." Hi - we updated our intermediate issuing CAs for the two roots in question, AffirmTrust Premium and AffirmTrust Premium ECC so the links should work correctly and display EV green in Firefox now. Can you please continue processing this bug to turn on the trust bits? Thanks. Here are the test cert URLs for the two roots with problems above: AffirmTrust Premium Root - https://premium.affirmtrust.com:4432/ AffirmTrust Premium ECC Root - https://premiumecc.affirmtrust.com:4433/
|
|
Assignee | |
Comment 5•9 years ago
|
||
(In reply to Kirk Hall from comment #4) > Can you please continue > processing this bug to turn on the trust bits? Please see the attachment in Comment #2 to see the information that is still needed, and comment in this bug to provide the requested information.
Kathleen, our group has decided we are not going forward with Email certs at this time, so I'd like to terminate the bug I filed. Thanks for all your help. Kirk Hall
|
|
Assignee | |
Comment 7•8 years ago
|
||
(In reply to Kirk Hall from comment #6) > Kathleen, our group has decided we are not going forward with Email certs at > this time, so I'd like to terminate the bug I filed. Thanks for all your > help. Kirk Hall Closing as WONTFIX. Thanks
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
|
||
Updated•7 years ago
|
Product: mozilla.org → NSS
|
||
Updated•2 years ago
|
Product: NSS → CA Program
You need to log in
before you can comment on or make changes to this bug.
Description
•