Closed Bug 1120604 Opened 7 years ago Closed 7 years ago

Add Entrust G2 and EC1 root certificates to NSS

Categories

(NSS :: CA Certificates Code, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: kwilson, Unassigned)

References

Details

(Whiteboard: In NSS 3.18, Firefox 38)

Attachments

(2 files)

1.52 KB, application/x-x509-ca-cert
Details
1.08 KB, application/x-x509-ca-cert
Details
This bug requests inclusion in the NSS root certificate store of the following 2 certificates, owned by Entrust.
	 
Friendly Name: Entrust Root Certification Authority - G2
Cert Location: https://bugzilla.mozilla.org/attachment.cgi?id=567059
SHA-1 Fingerprint: 8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4
Trust flags: Websites, Email, Code Signing
Test URL: https://validg2.entrust.net/
	 
Friendly Name: Entrust Root Certification Authority - EC1
Cert Location: https://bugzilla.mozilla.org/attachment.cgi?id=813664
SHA-1 Fingerprint: 20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47
Trust flags: Websites, Email, Code Signing
Test URL: https://validec.entrust.net

This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug 849950. 

The next steps are as follows:
1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificates have been attached.
2) A Mozilla representative creates a patch with the new certificates, and provides a special test version of Firefox.
3) A representative of the CA uses the test version of Firefox to confirm (by adding a comment in this bug) that the certificates have been correctly imported and that websites work correctly.
4) The Mozilla representative requests that another Mozilla representative review the patch.
5) The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED.
6) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificates. This process is mostly under the control of the release drivers for those products.
Attached file EntrustRoot-G2.cert
Attached file EntrustRoot-EC1.cert
Bruce, Please see step #1 above.
Blocks: 1120608
Entrust confirms that the information in this bug is correct and the correct root certificates have been attached.

Thanks, Bruce.
Depends on: 1132496
Test builds of a development version of Firefox, which contain the requested change(s), can be found here:
https://ftp-ssl.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de-cb8002df70cc/
This does NOT yet add EV status. Please ignore that EV is not yet enabled, and please test that the root has been correctly added.
Bruce, Please test the code change as described here:
https://wiki.mozilla.org/CA:How_to_apply#Testing_Inclusion
The testing was successful. We found both roots in the test browser and we reached our test sites securely.

Thanks, Bruce.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Whiteboard: In NSS 3.18, Firefox 38
You need to log in before you can comment on or make changes to this bug.