Closed Bug 1131698 Opened 6 years ago Closed 5 years ago
Add CFCA EV ROOT root certificate to NSS
This bug requests inclusion in the NSS root certificate store of the following certificate, owned by China Financial Certification Authority (CFCA). Friendly Name: CFCA EV ROOT Cert Location: https://bugzilla.mozilla.org/attachment.cgi?id=8356494 SHA-1 Fingerprint: E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83 Trust Flags: Websites Test URL: https://pub.cebnet.com.cn This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug #926029. The next steps are as follows: 1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificate has been attached. 2) A Mozilla representative creates a patch with the new certificate, and provides a special test version of Firefox. 3) A representative of the CA uses the test version of Firefox to confirm (by adding a comment in this bug) that the certificate has been correctly imported and that websites work correctly. 4) The Mozilla representative requests that another Mozilla representative review the patch. 5) The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED. 6) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificate. This process is mostly under the control of the release drivers for those products.
Zhao, Please see step #1 above.
Thank you Kathleen, (Checked)All data in this bug is correct. (Checked)The "CFCAEVROOT.cert" in the attachment of this bug is correct. Please move on to the next step. Spring Festival of China(FEB 18 ~ FEB 24) is near. During this period, if there is any update, please post them here(instead of E-mail), or in the bug https://bugzilla.mozilla.org/show_bug.cgi?id=926029 https://bugzilla.mozilla.org/show_bug.cgi?id=1131699 I'll check everyday. Thanks again!
Test builds of a development version of Firefox, which contain the requested change(s), can be found here: https://email@example.com/
This does NOT yet add EV status. Please ignore that EV is not yet enabled, and please test that the root has been correctly added.
Zhao, Please test the code change as described here: https://wiki.mozilla.org/CA:How_to_apply#Testing_Inclusion
1，Download Firefox Nightly firefox-38.0a1.en-US.win32.installer.exe from https://firstname.lastname@example.org/ 2,Create New profile using “Run Firefox.exe -P” 3,Test website as attachment, Result is Correct and without EV treatment.
Attachment #8564656 - Flags: feedback+
4,The root has been correctly added, Security Device is "Builtin Object Token" Which is correct. 5,Trust bit is website, Correct. Test procedure follows https://wiki.mozilla.org/CA:How_to_apply#Testing_Inclusion The test is completed, please see the attachments, results are consistent with the description Kai Engert states. Everything is correct. If you need more info or test, I will provide them as soon as possible.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Whiteboard: In NSS 3.18, Firefox 38
You need to log in before you can comment on or make changes to this bug.