Closed Bug 1400145 Opened 8 years ago Closed 6 years ago

Add B-Trust root certificate(s)

Categories

(CA Program :: CA Certificate Root Program, task)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: dnikolov, Assigned: kathleen.a.wilson)

Details

(Whiteboard: [ca-verifying] - Need BR Self Assessment)

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; rv:11.0) like Gecko Steps to reproduce: Dear Team, Our company, BORICА AD is a joint-stock company owned by the Bulgarian National Bank and the commercial banks in the country - http://www.borica.bg/en BORICA AD is a Certification Services Provider (CSP) registered in the Communications Regulation Commission (CRC) with certificate No 2/25.09.2003, and CRC decision No 994/09.09.2010 in accordance with the legal and regulatory framework in force and was successfully audited and assessed for eIDAS Conformity and conformity with ETSI EN 319 411-1 – 2017, EN 319 411-2 – 2017 and EN 319 421 – 2017 We would like to join the Mozilla CA Certificate Root Program Could you please kindly advise on our next steps in the process of joining the program?
CA Details ---------- CA Name: B-Trust Root Qualified CA Website: https://www.b-trust.org Original Root Inclusion: https://bugzilla.mozilla.org/show_bug.cgi?id=1400145 One Paragraph Summary of CA, including the following: Used to issue qualified certificates for qualified electronic signature (eIDAS compliant) to customers for digital signatures and SSL client authentication. Audit Type (WebTrust, ETSI etc.): ETSI Auditor: LSTI Auditor Website: https://www.lsti-certification.fr/ Audit Document URL(s): CA: https://www.lsti-certification.fr/images/Borica_Q055-en_S.pdf Certificate Details ------------------- Certificate Name: B-Trust Root Qualified CA SSL and Digital signature certificates are issued in the following hierarchy: B-Trust Root Qualified CA (http://ca.b-trust.org/repository/B-TrustRootQCA.cer) B-Trust Operational Qualified CA (http://ca.b-trust.org/repository/B-TrustOperationalQCA.cer) User certificates Certificate download URL (on CA website): http://ca.b-trust.org/repository/B-TrustRootQCA.cer Version: 3 Fingerprint: ‎c0 4d 7a 42 7f 5a 82 b1 2d a6 f0 94 88 11 66 8e 1a 67 0a f6 Public key length (for RSA, modulus length) in bits: 4096 Valid From (YYYY-MM-DD): 2017-04-25 Valid To (YYYY-MM-DD): 2037-04-25 CRL HTTP URL: http://crl.b-trust.org/repository/B-TrustRootQCA.crl CRL issuing frequency for subordinate end-entity certificates: 2 hours or on change CRL issuing frequency for subordinate CA certificates: 2 hours or on change OCSP URL: http://ocsp.b-trust.org Certificate Signature Algorithm: SHA256WithRSA Class: qualified certificates for qualified electronic signature Certificate Policy URL: https://www.b-trust.org/web/files/richeditor/filemanager/Qualified_CA_CP_CPS_2017_v.3.2_EN.pdf CPS URL: https://www.b-trust.org/web/files/richeditor/filemanager/Qualified_CA_CP_CPS_2017_v.3.2_EN.pdf Requested Trust Indicators (email and/or SSL and/or code signing): Client SSL authentication
Assignee: kwilson → awu
Whiteboard: [ca-verifying] - Need BR Self Assessment
Hi Dimitar, Please also perform the BR Self Assessment, and attach the resulting BR-self-assessment document to this bug. Note: Current version of the BRs: https://cabforum.org/baseline-requirements-documents/ Until a version of the BRs is published that describes all of the allowed methods of domain validation, use version 1.4.1 for section 3.2.2.4 (Domain validation): https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.4.1.pdf = Background = We are adding a BR-self-assessment step to Mozilla's root inclusion/change process. Description of this new step is here: https://wiki.mozilla.org/CA:BRs-Self-Assessment It includes a link to a template for CA's BR Self Assessment, which is a Google Doc: https://docs.google.com/spreadsheets/d/1ni41Czial_mggcax8GuCBlInCt1mNOsqbEPzftuAuNQ/edit?usp=sharing Phase-in plan is here: https://groups.google.com/d/msg/mozilla.dev.security.policy/Y-PxWRCIcck/Fi9y6vOACQAJ In particular, note: + For the CAs currently in the queue for discussion, I would ask them to perform this BR Self Assessment before I would start their discussion. Thanks, Aaron
Bulk reassign, see https://bugzilla.mozilla.org/show_bug.cgi?id=1430324
Assignee: awu → kwilson

Closed due to lack of response from CA.

Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
QA Contact: kwilson
Resolution: --- → WONTFIX
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.