Last Comment Bug 653761 - Add ACCV root CA certificate to NSS
: Add ACCV root CA certificate to NSS
Status: RESOLVED FIXED
:
Product: NSS
Classification: Components
Component: CA Certificates Code (show other bugs)
: trunk
: All All
-- enhancement (vote)
: 3.12.11
Assigned To: nobody
:
:
Mentors:
Depends on: 671002
Blocks: 274100
  Show dependency treegraph
 
Reported: 2011-04-29 09:57 PDT by Kathleen Wilson
Modified: 2011-07-31 23:44 PDT (History)
3 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
ACCV Root Cert (2.31 KB, text/x-vhdl)
2011-04-29 09:57 PDT, Kathleen Wilson
no flags Details

Description User image Kathleen Wilson 2011-04-29 09:57:25 PDT
Created attachment 529127 [details]
ACCV Root Cert

This bug requests inclusion in the NSS root certificate store of the following
certificate, owned by ACCV.

Friendly name: Root CA Generalitat Valenciana
Certificate location: http://www.pki.gva.es/gestcert/rootca.crt
SHA1 Fingerprint: A0:73:E5:C5:BD:43:61:0D:86:4C:21:13:0A:85:58:57:CC:9C:EA:46
Trust flags: Websites, Email, Code Signing
Test URL: https://www.accv.es/  

This CA has been assessed in accordance with the Mozilla project guidelines,
and the certificate approved for inclusion in bug #274100.

The steps are as follows:

1) A representative of the CA must confirm that all the data in this bug is
correct, and that the correct certificate has been attached.

2) A Mozilla representative creates a patch with the new certificate, and
provides a special test version of Firefox.

3) A representative of the CA uses the test version of Firefox to confirm (by
adding a comment in this bug) that the certificate has been correctly
imported and that websites work correctly.

4) The Mozilla representative requests that another Mozilla representative
review the patch.

5) The Mozilla representative adds (commits) the patch to NSS, then closes this
bug as RESOLVED FIXED.

6) At some time after that, various Mozilla products will move to using a
version of NSS which contains the certificate(s). This process is mostly under
the control of the release drivers for those products.
Comment 1 User image Kathleen Wilson 2011-04-29 10:06:36 PDT
Jose, Please see step #1 above.
Comment 2 User image Jose Amador 2011-04-29 11:06:55 PDT
Hi Kathleen

The data and the certificate are correct (also work http://www.accv.es/gestcert/rootca.crt )


Thank you very much for your work!

Regards
Comment 3 User image Kathleen Wilson 2011-05-03 15:27:01 PDT
Thanks for confirming that the data in this bug is correct.

Root inclusions are usually grouped and done as a batch when there is
either a large enough set of changes or about every 3 months.

At some point in the next 3 months a test build will be provided and this bug
will be updated to request that you test it. Since you are cc'd on this bug,
you will get notification via email when that happens.
Comment 4 User image Kai Engert (:kaie:) 2011-07-12 11:33:08 PDT
Your test url https://www.accv.es/ is a bad example.

While the main page is loaded using https, all media inside it are loaded with plain http.

This means, you will not get security indicators for that page.

I propose you fix that site, or provide a better test url.
Comment 5 User image Kai Engert (:kaie:) 2011-07-12 11:37:44 PDT
Actually, in my humble opinion, if https://www.accv.es/ is the home page of your certificate authority, I think you should really fix it to serve all content using the secure channel.
Comment 6 User image Jose Amador 2011-07-12 12:06:03 PDT
Hi Kai

Thanks for your advice. This is the default behavior of our cms typo3. 

We have several sites to test:

https://www.valencia.es/
https://sede.upct.es/
https://www.castello.es/inicio.php?id=cas
https://www.dipcas.es/

Tell me if you need something more

Thanks in advance

Regards
Comment 7 User image Kai Engert (:kaie:) 2011-07-12 12:29:03 PDT
Ok, https://sede.upct.es/ looks good.
Comment 9 User image Jose Amador 2011-07-15 06:25:08 PDT
Hi

I test the builds and they work perfectly.

Thank you very much.

Regards
Comment 10 User image Kai Engert (:kaie:) 2011-07-31 23:44:08 PDT
Fixed in bug 671002, done for NSS 3.12.11

Note You need to log in before you can comment on or make changes to this bug.