Add the CA : Might Espace SSL

VERIFIED DUPLICATE of bug 1148786

Status

()

VERIFIED DUPLICATE of bug 1148786
4 years ago
4 years ago

People

(Reporter: kacymimo, Unassigned)

Tracking

37 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

1.29 KB, application/x-x509-ca-cert
Details
(Reporter)

Description

4 years ago
Created attachment 8593471 [details]
ca.crt

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
Build ID: 20150402191859

Steps to reproduce:

Name : Might Espace SSL
Url : No URL in the certificate
Organism type : A future society
Users : Society,Persons 

The CA need to be include in Mozilla Products because, example : The MECloud using this CA,or a Game using this CA, Products needing SSL Security.

(Personnal note : Sorry for my bad english..., im French)
(Reporter)

Updated

4 years ago
Alias: add-a-new-ca
Component: Untriaged → Security
OS: Windows 7 → All
Hardware: x86_64 → All

Comment 1

4 years ago
The CA should submit itself into the root store, and there are formal requirements for this. More details are here:

https://wiki.mozilla.org/CA:Overview#How_to_Apply_for_Root_Inclusion_or_Changes

Assuming you are a user of products that use their certificates, you should contact the CA (or ask the products to use an alternative CA and/or for the products to contact the CA) so that it applies for inclusion. We can't just add random certificates that people upload to a bug to everybody's copy of Firefox. :-)
Group: core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → INVALID
(Reporter)

Comment 2

4 years ago
Yes, im using my CA, because, not only me, TheTarknessGames (https://thetarknessgames.cf), Firbbo Organisation (not HTTPS today), MECloud (https://cloud.might-espace.cf/), and it's really my CA, i have send 2 requests on BugZilla.
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---

Comment 3

4 years ago
Please follow the instructions Kathleen gave you in bug 1148786 comment 1.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1148786

Updated

4 years ago
Status: RESOLVED → VERIFIED
(Reporter)

Comment 4

4 years ago
I have followed the instructions of Kathleen.... what is the problem?
Alias: add-a-new-ca
(Reporter)

Comment 5

4 years ago
I have followed the instructions of Kathleen.... what is the problem?
Flags: needinfo?(gijskruitbosch+bugs)

Comment 6

4 years ago
(In reply to Kacy Luzzardi from comment #5)
> I have followed the instructions of Kathleen.... what is the problem?

Did the instructions say to file a security-sensitive bug in Firefox::Security? I doubt it...

Kathleen?
Flags: needinfo?(gijskruitbosch+bugs) → needinfo?(kwilson)

Comment 7

4 years ago
(In reply to :Gijs Kruitbosch from comment #6)
> (In reply to Kacy Luzzardi from comment #5)
> > I have followed the instructions of Kathleen.... what is the problem?
> 
> Did the instructions say to file a security-sensitive bug in
> Firefox::Security? 

No.

https://wiki.mozilla.org/CA:How_to_apply#Creation_and_submission_of_the_root_CA_certificate_inclusion_request
"2. Once you are ready, formally submit your request using the Mozilla project's Bugzilla issue tracking system:
... Create a new bug report corresponding to your request. The link just given will fill in many the multiple-choice fields correctly, and add templated text ... If the link to create a bug report does not work for you, then follow the instructions in CA Information Template to manually create the bug and set the appropriate fields.
Do NOT select "Restricted Visibility" or "Role Visibility". All information that is submitted for Root Inclusion requests must be publicly available.

https://wiki.mozilla.org/CA:Information_template
"There is a link on the How_to_apply page that will automatically create the bug to request root inclusion, with all of the appropriate fields filled in and with a template in the bug description field.
Using the link, a bug will be created with the following fields set:
    Product: mozilla.org
    Component: CA Certificates
    Version: Other
    Severity: enhancement
    Platform: All
    OS: All
    Summary: Add [your CA's name] root certificate(s)
    Description: [see below]"


Anyways, as I said in Bug #1148786
Please read the following:
https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates#CAs_included_in_Firefox
https://wiki.mozilla.org/CA:How_to_apply
https://wiki.mozilla.org/CA

In particular please start with https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates#CAs_included_in_Firefox
"If your certificates will only be used to verify one domain (e.g. *.yourcompany.com) but you want others outside of your organization to be able to browse to your website using https without having to manually import a root certificate, then you can get an SSL certificate from one of the CAs who already have a root certificate included in the major browsers."

and
https://wiki.mozilla.org/CA:How_to_apply#Applying_for_root_inclusion_in_Mozilla_products
"IMPORTANT Items to Note:
- The information listed in CA Information Checklist is expected to be publicly available so that it can be reviewed and referenced during the Public Discussion Phase and for future reference.
- Having a root included in NSS is not a one-time effort. After a CA has a root included in NSS, it is expected that the CA will continue to be aware of ongoing discussions and updates to the Mozilla CA Certificate Policy. The CA is required to send regular updated audits to Mozilla. The CA is required to update their policies as the Mozilla CA Certificate Policy is updated.
- According to the Mozilla CA Certificate Policy: "We will determine which CA certificates are included in software products distributed through mozilla.org, based on the benefits and risks of such inclusion to typical users of those products." and "We require that all CAs whose certificates are distributed with our software product ... provide some service relevant to typical users of our software products" It is the CAs responsibility to explain why their root needs to be included in NSS and explain how the inclusion will benefit typical Mozilla users."

If you believe that direct inclusion of your CA certificate will benefit a significant number of typical users, then please proceed by getting the appropriate audits according to sections 11 through 14 of https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/

Then file a new Bugzilla bug as described on the CA:How_to_apply wiki page, and provide all of the required information as listed here: https://wiki.mozilla.org/CA:Information_checklist

Thanks,
Kathleen
Flags: needinfo?(kwilson)
You need to log in before you can comment on or make changes to this bug.