Closed Bug 1410954 Opened 4 years ago Closed 4 years ago

Add SSL.com root certificates to NSS

Categories

(NSS :: CA Certificates Code, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: kwilson, Unassigned)

References

Details

(Whiteboard: In NSS 3.34, FF 58)

Attachments

(4 files)

This bug requests inclusion in the NSS root store of the following root certificates owned by SSL.com.

Root Certificate 1 of 4 
Friendly Name: SSL.com Root Certification Authority RSA
Cert Location: https://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.cer
SHA-1 Fingerprint: B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB
SHA-256 Fingerprint: 85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69
Trust Flags: Email; Websites
Test URL: https://test-ov-rsa.ssl.com

Root Certificate 2 of 4 
Friendly Name: SSL.com Root Certification Authority ECC
Cert Location: https://www.ssl.com/repository/SSLcomRootCertificationAuthorityECC.cer
SHA-1 Fingerprint: C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A
SHA-256 Fingerprint: 34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65
Trust Flags: Email; Websites
Test URL: https://test-ov-ecc.ssl.com

Root Certificate 3 of 4 
Friendly Name: SSL.com EV Root Certification Authority RSA R2
Cert Location: https://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.pem
SHA-1 Fingerprint: 74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A
SHA-256 Fingerprint:
2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C
Trust Flags: Websites
Test URL: https://test-ev-rsa.ssl.com

Root Certificate 4 of 4
Friendly Name: SSL.com EV Root Certification Authority ECC
Cert Location: www.ssl.com/repository/SSLcomEVRootCertificationAuthorityECC.cer
SHA-1 Fingerprint: 4C:DD:51:A3:D1:F5:20:32:14:B0:C6:C5:32:23:03:91:C7:46:42:6D
SHA-256 Fingerprint: 22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8
Trust Flags: Websites
Test URL: https://test-ev-ecc.ssl.com/

This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug #1277336

The next steps are as follows:
1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificates have been attached.
2) A Mozilla representative creates a patch with the new certificates, and provides a special test version of Firefox.
3) A representative of the CA uses the test version of Firefox to confirm (by adding a comment in this bug) that the certificates have been correctly imported and that websites work correctly.
4) The Mozilla representative requests that another Mozilla representative review the patch.
5) The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED.
6) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificates. This process is mostly under the control of the release drivers for those products.
Leo, Please see step #1 above.
Blocks: 1410956
Hello Kathleen,

All information on this bug is confirmed accurate.

Regards,

Leo Grove
Depends on: 1408080
Leo, 

The test build is available here:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=28d1a40bfeeeccbe5c8d7ac657d7683ab61055a7

To find the binary, for example, for Mac OSX:
- Find the line with OSX that contains tc(B). 
- Click the green B inside that tc(B), and the bottom part of the page will change to show more details of that build.
- In the right hand colum, you see several "artifact uploaded" entries.
- Scroll down that list to find "target.dmg". That's the Mac disk image that you're looking for.

Please test as soon as possible:
https://wiki.mozilla.org/CA/Application_Instructions#Test

Add a comment in this bug as soon as you have completed your testing.
Hello Kathleen,
I can verify that the changes are as expected. I have tested with the Windows, Linux and MacOSX versions and I can confirm that everything appears to be fine.
I have also verified the certdata.txt patch and everything appears to be correct.

Kind regards,
Fotis Loukos
SSL.com Director of Security Architecture
Whiteboard: [ca-tested]
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Whiteboard: [ca-tested] → In NSS 3.34, FF 58
You need to log in before you can comment on or make changes to this bug.