Closed
Bug 1130333
Opened 10 years ago
Closed 8 years ago
Add "Autoridad de Certificacion de la Abogacía" root certificate
Categories
(CA Program :: CA Certificate Root Program, task)
CA Program
CA Certificate Root Program
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: aca.root, Assigned: kathleen.a.wilson)
References
()
Details
(Whiteboard: Information incomplete)
Attachments
(2 files)
CA Details
----------
CA Name: Autoridad de Certificación de la Abogacia
Website: www.acabogacia.org
One Paragraph Summary of CA, including the following:
- General nature (e.g., commercial, government, academic/research, nonprofit)
- Primary geographical area(s) served
In its capacity as the entity regulating the Spanish Bar Associations, the National Council of Spanish Bar Associations (CGAE) has the status of public corporation, and has established its own certification system for the purpose of issuing certificates for diverse uses and different end users. For this reason, different types of certificates are generated. Certificates are issued to end entities, including Bar members, administrative and service personnel, organisations and natural persons representing said organisation.
The Primary geographical área is Spain, but some certificates are issued for other European Countries.
Audit Type (WebTrust, ETSI etc.):Webtrust
Auditor: Ernst&Young
Auditor Website:www.ey.com
Audit Document URL(s):https://cert.webtrust.org/ViewSeal?id=1330
Certificate Details
-------------------
(To be completed once for each certificate; note that we only include root
certificates in the store, not intermediates.)
Certificate Name:Autoridad de Certificacion de la Abogacia
Summary Paragraph, including the following:
- End entity certificate issuance policy
(i.e. what you plan to do with the root)
- Number and type of subordinate CAs
- Diagram and/or description of certificate hierarchy
The general structure of the ACA PKI comprises two levels: One Root CA named "Autoridad de Certificación de la Abogacía" and two subordinated CAs in the second level: ACA – Corporate Certificates 2014 and ACA – Trusted Certificates 2014.
Diferent end users certificates are issued by the Subordinated CAs under their own certification Policy.
Certificate download URL (on CA website):https://documentacion.redabogacia.org/docushare/dsweb/View/Collection-244979
Version:
SHA1 Fingerprint:7f 8a 77 83 6b dc 6d 06 8f 8b 07 37 fc c5 72 54 13 06 8c a4
Public key length (for RSA, modulus length) in bits: 2048bits
Valid From (YYYY-MM-DD):13-june- 2005 23:00:00
Valid To (YYYY-MM-DD):13-june- 2030 23:00:00
CRL HTTP URL:http://www.acabogacia.org/crl/acabogacia.crl
http://crl.acabogacia.org/crl/acabogacia.crl
http://www.acabogacia.org/crl/ACAcorporativosV2.crl
http://crl.acabogacia.org/crl/ACAcorporativosV2.crl
http://www.acabogacia.org/crl/ACAtrustedV2.crl
http://crl.acabogacia.org/crl/ACAtrustedV2.crl
CRL issuing frequency for subordinate end-entity certificates:They are issued every 12 hours and when they suffer a change of status.
CRL issuing frequency for subordinate CA certificates:They are issued every 6 months and when they suffer a change of status
OCSP URL:http://ocsp.redabogacia.org
Class (domain-validated, identity/organizationally-validated or EV):domain-validated, identity/organizationally-validated
Certificate Policy URL:https://documentacion.redabogacia.org/docushare/dsweb/View/Collection-1317
CPS URL:https://documentacion.redabogacia.org/docushare/dsweb/View/Collection-1316
Requested Trust Indicators (email and/or SSL and/or code signing):email and SSL
URL of example website using certificate subordinate to this root
(if applying for SSL):https://www.icahuelva.es/
URL: www.acabogacia.org
Whiteboard: Add "Autoridad de Certificacion de la Abogacía" root certificate
Assignee | ||
Comment 3•10 years ago
|
||
Accepting this bug, so I can start the Information Verification as described here:
https://wiki.mozilla.org/CA:How_to_apply#Information_Verification
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: Add "Autoridad de Certificacion de la Abogacía" root certificate → Information incomplete
Assignee | ||
Comment 4•10 years ago
|
||
Assignee | ||
Comment 5•10 years ago
|
||
(In reply to ACA from comment #0)
> URL of example website using certificate subordinate to this root
> (if applying for SSL):https://www.icahuelva.es/
The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)
See item #11 of
https://wiki.mozilla.org/CA:Information_checklist#Technical_information_about_each_root_certificate
"Intermediate CA certificates are expected to be distributed to the certificate subjects (the holders of the private keys) together with the subjects' own certificates. Those subject parties (e.g. SSL servers) are then expected to send out the intermediate CA certificates together with their own certificates whenever they are asked to send out their certificates. That is required by SSL/TLS.
Certificate authorities MUST advise their subscribers that all intermediate certificates should be installed in the servers containing the dependent subscriber certificates."
Assignee | ||
Comment 6•10 years ago
|
||
The attached document shows the information that has been verified, and where further information or clarification is needed. Please review the entire document for accuracy, and update this bug to provide corrections and the requested information.
Comment 7•8 years ago
|
||
There's no update from CA for more than 1.5 year. Closing this bug for now as Won't fix.
if CA ever provide further information, this bug will be re-opened.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Updated•8 years ago
|
Product: mozilla.org → NSS
Updated•2 years ago
|
Product: NSS → CA Program
You need to log in
before you can comment on or make changes to this bug.
Description
•