Add Entrust G2 and EC1 root certificates to NSS

RESOLVED FIXED

Status

task
RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: kwilson, Unassigned)

Tracking

Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: In NSS 3.18, Firefox 38)

Attachments

(2 attachments)

1.52 KB, application/x-x509-ca-cert
Details
1.08 KB, application/x-x509-ca-cert
Details
Reporter

Description

5 years ago
This bug requests inclusion in the NSS root certificate store of the following 2 certificates, owned by Entrust.
	 
Friendly Name: Entrust Root Certification Authority - G2
Cert Location: https://bugzilla.mozilla.org/attachment.cgi?id=567059
SHA-1 Fingerprint: 8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4
Trust flags: Websites, Email, Code Signing
Test URL: https://validg2.entrust.net/
	 
Friendly Name: Entrust Root Certification Authority - EC1
Cert Location: https://bugzilla.mozilla.org/attachment.cgi?id=813664
SHA-1 Fingerprint: 20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47
Trust flags: Websites, Email, Code Signing
Test URL: https://validec.entrust.net

This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug 849950. 

The next steps are as follows:
1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificates have been attached.
2) A Mozilla representative creates a patch with the new certificates, and provides a special test version of Firefox.
3) A representative of the CA uses the test version of Firefox to confirm (by adding a comment in this bug) that the certificates have been correctly imported and that websites work correctly.
4) The Mozilla representative requests that another Mozilla representative review the patch.
5) The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED.
6) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificates. This process is mostly under the control of the release drivers for those products.
Reporter

Comment 1

5 years ago
Posted file EntrustRoot-G2.cert
Reporter

Comment 2

5 years ago
Reporter

Comment 3

5 years ago
Bruce, Please see step #1 above.
Reporter

Updated

5 years ago
Blocks: 1120608

Comment 4

5 years ago
Entrust confirms that the information in this bug is correct and the correct root certificates have been attached.

Thanks, Bruce.

Updated

4 years ago
Depends on: 1132496
Test builds of a development version of Firefox, which contain the requested change(s), can be found here:
https://ftp-ssl.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de-cb8002df70cc/
This does NOT yet add EV status. Please ignore that EV is not yet enabled, and please test that the root has been correctly added.
Reporter

Comment 7

4 years ago
Bruce, Please test the code change as described here:
https://wiki.mozilla.org/CA:How_to_apply#Testing_Inclusion

Comment 8

4 years ago
The testing was successful. We found both roots in the test browser and we reached our test sites securely.

Thanks, Bruce.
Reporter

Updated

4 years ago
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Whiteboard: In NSS 3.18, Firefox 38
You need to log in before you can comment on or make changes to this bug.