Closed Bug 1131698 Opened 7 years ago Closed 7 years ago

Add CFCA EV ROOT root certificate to NSS


(NSS :: CA Certificates Code, task)

Not set


(Not tracked)



(Reporter: kwilson, Unassigned)



(Whiteboard: In NSS 3.18, Firefox 38)


(3 files)

Attached file CFCAEVROOT.cert
This bug requests inclusion in the NSS root certificate store of the following certificate, owned by China Financial Certification Authority (CFCA).

Friendly Name: CFCA EV ROOT
Cert Location:
SHA-1 Fingerprint: E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83
Trust Flags: Websites
Test URL:

This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug #926029. 

The next steps are as follows:
1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificate has been attached.
2) A Mozilla representative creates a patch with the new certificate, and provides a special test version of Firefox.
3) A representative of the CA uses the test version of Firefox to confirm (by adding a comment in this bug) that the certificate has been correctly imported and that websites work correctly.
4) The Mozilla representative requests that another Mozilla representative review the patch.
5) The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED.
6) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificate. This process is mostly under the control of the release drivers for those products.
Zhao, Please see step #1 above.
Blocks: 1131699
Thank you Kathleen, 

(Checked)All data in this bug is correct.
(Checked)The "CFCAEVROOT.cert" in the attachment of this bug is correct.

Please move on to the next step.

Spring Festival of China(FEB 18 ~ FEB 24) is near. During this period, if there is any update, please post them here(instead of E-mail), or in the bug
I'll check everyday.

Thanks again!
Depends on: 1132496
Test builds of a development version of Firefox, which contain the requested change(s), can be found here:
This does NOT yet add EV status. Please ignore that EV is not yet enabled, and please test that the root has been correctly added.
Zhao, Please test the code change as described here:
1,Download Firefox Nightly firefox-38.0a1.en-US.win32.installer.exe from

2,Create New profile using “Run Firefox.exe -P”

3,Test website as attachment, Result is Correct and without EV treatment.
Attachment #8564656 - Flags: feedback+
4,The root has been correctly added, Security Device is "Builtin Object Token"
Which is correct.

5,Trust bit is website, Correct.

Test procedure follows

The test is completed, please see the attachments, results are consistent with the description Kai Engert states.

Everything is correct.

If you need more info or test, I will provide them as soon as possible.
Closed: 7 years ago
Resolution: --- → FIXED
Whiteboard: In NSS 3.18, Firefox 38
You need to log in before you can comment on or make changes to this bug.