Closed Bug 1130333 Opened 10 years ago Closed 8 years ago

Add "Autoridad de Certificacion de la Abogacía" root certificate

Categories

(CA Program :: CA Certificate Root Program, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: aca.root, Assigned: kathleen.a.wilson)

References

()

Details

(Whiteboard: Information incomplete)

Attachments

(2 files)

CA Details ---------- CA Name: Autoridad de Certificación de la Abogacia Website: www.acabogacia.org One Paragraph Summary of CA, including the following: - General nature (e.g., commercial, government, academic/research, nonprofit) - Primary geographical area(s) served In its capacity as the entity regulating the Spanish Bar Associations, the National Council of Spanish Bar Associations (CGAE) has the status of public corporation, and has established its own certification system for the purpose of issuing certificates for diverse uses and different end users. For this reason, different types of certificates are generated. Certificates are issued to end entities, including Bar members, administrative and service personnel, organisations and natural persons representing said organisation. The Primary geographical área is Spain, but some certificates are issued for other European Countries. Audit Type (WebTrust, ETSI etc.):Webtrust Auditor: Ernst&Young Auditor Website:www.ey.com Audit Document URL(s):https://cert.webtrust.org/ViewSeal?id=1330 Certificate Details ------------------- (To be completed once for each certificate; note that we only include root certificates in the store, not intermediates.) Certificate Name:Autoridad de Certificacion de la Abogacia Summary Paragraph, including the following: - End entity certificate issuance policy (i.e. what you plan to do with the root) - Number and type of subordinate CAs - Diagram and/or description of certificate hierarchy The general structure of the ACA PKI comprises two levels: One Root CA named "Autoridad de Certificación de la Abogacía" and two subordinated CAs in the second level: ACA – Corporate Certificates 2014 and ACA – Trusted Certificates 2014. Diferent end users certificates are issued by the Subordinated CAs under their own certification Policy. Certificate download URL (on CA website):https://documentacion.redabogacia.org/docushare/dsweb/View/Collection-244979 Version: SHA1 Fingerprint:‎7f 8a 77 83 6b dc 6d 06 8f 8b 07 37 fc c5 72 54 13 06 8c a4 Public key length (for RSA, modulus length) in bits: 2048bits Valid From (YYYY-MM-DD):13‎-june- ‎2005 23:00:00 Valid To (YYYY-MM-DD):13‎-june- ‎2030 23:00:00 CRL HTTP URL:http://www.acabogacia.org/crl/acabogacia.crl http://crl.acabogacia.org/crl/acabogacia.crl http://www.acabogacia.org/crl/ACAcorporativosV2.crl http://crl.acabogacia.org/crl/ACAcorporativosV2.crl http://www.acabogacia.org/crl/ACAtrustedV2.crl http://crl.acabogacia.org/crl/ACAtrustedV2.crl CRL issuing frequency for subordinate end-entity certificates:They are issued every 12 hours and when they suffer a change of status. CRL issuing frequency for subordinate CA certificates:They are issued every 6 months and when they suffer a change of status OCSP URL:http://ocsp.redabogacia.org Class (domain-validated, identity/organizationally-validated or EV):domain-validated, identity/organizationally-validated Certificate Policy URL:https://documentacion.redabogacia.org/docushare/dsweb/View/Collection-1317 CPS URL:https://documentacion.redabogacia.org/docushare/dsweb/View/Collection-1316 Requested Trust Indicators (email and/or SSL and/or code signing):email and SSL URL of example website using certificate subordinate to this root (if applying for SSL):https://www.icahuelva.es/
Our Root CA is already included in Microsoft Root Program
Our Root CA is already included in Microsoft Root Program
Whiteboard: Add "Autoridad de Certificacion de la Abogacía" root certificate
Accepting this bug, so I can start the Information Verification as described here: https://wiki.mozilla.org/CA:How_to_apply#Information_Verification
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: Add "Autoridad de Certificacion de la Abogacía" root certificate → Information incomplete
Attached file ACA_raiz_csrs.cert
(In reply to ACA from comment #0) > URL of example website using certificate subordinate to this root > (if applying for SSL):https://www.icahuelva.es/ The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer) See item #11 of https://wiki.mozilla.org/CA:Information_checklist#Technical_information_about_each_root_certificate "Intermediate CA certificates are expected to be distributed to the certificate subjects (the holders of the private keys) together with the subjects' own certificates. Those subject parties (e.g. SSL servers) are then expected to send out the intermediate CA certificates together with their own certificates whenever they are asked to send out their certificates. That is required by SSL/TLS. Certificate authorities MUST advise their subscribers that all intermediate certificates should be installed in the servers containing the dependent subscriber certificates."
The attached document shows the information that has been verified, and where further information or clarification is needed. Please review the entire document for accuracy, and update this bug to provide corrections and the requested information.
There's no update from CA for more than 1.5 year. Closing this bug for now as Won't fix. if CA ever provide further information, this bug will be re-opened.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Product: mozilla.org → NSS
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: