Created attachment 8629725 [details] root.pem CA Details ---------- CA Name: LOVE DEVELOPMENTS LIMITED Root CA Website: http://www.lovedevelopments.com One Paragraph Summary of CA: Commercial Organization that sells online data services. We serve all geographies and wish to issue our own certs under the CA we establish. This requires us to request inclusion into your database to be accepted. No Audit Preformed as we are only signing our own certificates. Certificate Details ------------------- (To be completed once for each certificate; note that we only include root certificates in the store, not intermediates.) Certificate Name: Summary Paragraph, including the following: We issue certificates only to our own sites and servers and only though an intermediary. Our root is stored on a portable drive that is inside a safe in an undisclosed location not related directly to the company. We only issue general certificates, not EV. We are applying here to allow our company certs to be recognized by Mozilla Clients like Firefox and Thunderbird. This would prevent our clients from not trusting our sites or getting warnings when they go to our sites that are signed by our own Root CA. (Much in the same way that Google does so when it signs it's own Certs). - Number and type of subordinate CAs: 1 Root CA, 1 Intermediate CA. Both stored separate, encrypted, and locked in safes. - Root CA -> Intermediate -> Client Cert Certificate download URL (on CA website): N/A Version: 3 SHA1 Fingerprint: 5D:27:AF:B8:D7:D2:91:88:DD:AE:B1:7C:C8:7D:2E:D2:DE:FD:4D:97 Public key length (for RSA, modulus length) in bits: 4096 bits Valid From (YYYY-MM-DD): 2015-07-05 Valid To (YYYY-MM-DD): 2035-06-30 CRL HTTP URL: N/A CRL issuing frequency for subordinate end-entity certificates: N/A CRL issuing frequency for subordinate CA certificates: N/A OCSP URL: N/A Class: domain-validated, identity/organizationally-validated Certificate Policy URL: N/A CPS URL: N/A Requested Trust Indicators (email and/or SSL and/or code signing): SSL URL of example website using certificate subordinate to this root (if applying for SSL): N/A (none signed until approved for inclusion)
* Certificate Name: LOVE DEVELOPMENTS LIMITED Root CA
(In reply to Jacob Halstead from comment #0) > > No Audit Preformed as we are only signing our own certificates. > Does this mean you will NOT be signing customer or subscriber certificates? In other words, will the be for a self-signed user certificate that is your own?
Correct. We will NOT be signing for anyone other than our own company. Attached is an example cert that we signed for ourself.
Created attachment 8632504 [details] Example Certificate Attached is an example cert that we signed for ourself.
Please see https://wiki.mozilla.org/CA:FAQ#How_do_I_get_my_website.27s_certificate_to_be_trusted_by_Firefox.3F
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
(In reply to Kathleen Wilson from comment #5) > Please see > https://wiki.mozilla.org/CA:FAQ#How_do_I_get_my_website. > 27s_certificate_to_be_trusted_by_Firefox.3F We do not wish to go through another CA. We control not only a few domains but hundreds.
Status: RESOLVED → UNCONFIRMED
Resolution: WONTFIX → ---
(In reply to Jacob Halstead from comment #6) > We do not wish to go through another CA. We control not only a few domains > but hundreds. If you control all the domains that use your root certificate, then you apparently might not meet the criteria for inclusion in Mozilla's NSS database. The Mozilla policy "Mozilla CA Certificate Inclusion Policy" at <https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/> states: "We will determine which CA certificates are included in software products distributed by Mozilla, based on the benefits and risks of such inclusion to typical users of those products." With ALL affected domains under your control, your root certificate does not seem to create a benefit for typical Mozilla users, only for users of your services.
(In reply to David E. Ross from comment #7) > If you control all the domains that use your root certificate, then you > apparently might not meet the criteria for inclusion in Mozilla's NSS > database. The Mozilla policy "Mozilla CA Certificate Inclusion Policy" at > <https://www.mozilla.org/en-US/about/governance/policies/security-group/ > certs/policy/inclusion/> states: "We will determine which CA certificates > are included in software products distributed by Mozilla, based on the > benefits and risks of such inclusion to typical users of those products." > With ALL affected domains under your control, your root certificate does not > seem to create a benefit for typical Mozilla users, only for users of your > services. That is correct. Jacob, if you believe otherwise, please explain why inclusion of your root certificates would benefit typical Mozilla users, and not just the users of your services. And provide the information listed here: https://wiki.mozilla.org/CA:Information_checklist Mozilla's CA certificate inclusion process is described here, so you can get a sense of the time it will take: https://wiki.mozilla.org/CA Also, please see the "IMPORTANT Items to Note" list in https://wiki.mozilla.org/CA:How_to_apply
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: Information incomplete
Closing this bug due to inactivity. Please create a new bug if you decide to proceed with your root inclusion request. https://wiki.mozilla.org/CA:How_to_apply
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago → 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.