Closed Bug 1410954 Opened 4 years ago Closed 4 years ago

Add root certificates to NSS


(NSS :: CA Certificates Code, task)

Not set


(Not tracked)



(Reporter: kwilson, Unassigned)



(Whiteboard: In NSS 3.34, FF 58)


(4 files)

This bug requests inclusion in the NSS root store of the following root certificates owned by

Root Certificate 1 of 4 
Friendly Name: Root Certification Authority RSA
Cert Location:
SHA-1 Fingerprint: B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB
SHA-256 Fingerprint: 85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69
Trust Flags: Email; Websites
Test URL:

Root Certificate 2 of 4 
Friendly Name: Root Certification Authority ECC
Cert Location:
SHA-1 Fingerprint: C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A
SHA-256 Fingerprint: 34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65
Trust Flags: Email; Websites
Test URL:

Root Certificate 3 of 4 
Friendly Name: EV Root Certification Authority RSA R2
Cert Location:
SHA-1 Fingerprint: 74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A
SHA-256 Fingerprint:
Trust Flags: Websites
Test URL:

Root Certificate 4 of 4
Friendly Name: EV Root Certification Authority ECC
Cert Location:
SHA-1 Fingerprint: 4C:DD:51:A3:D1:F5:20:32:14:B0:C6:C5:32:23:03:91:C7:46:42:6D
SHA-256 Fingerprint: 22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8
Trust Flags: Websites
Test URL:

This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug #1277336

The next steps are as follows:
1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificates have been attached.
2) A Mozilla representative creates a patch with the new certificates, and provides a special test version of Firefox.
3) A representative of the CA uses the test version of Firefox to confirm (by adding a comment in this bug) that the certificates have been correctly imported and that websites work correctly.
4) The Mozilla representative requests that another Mozilla representative review the patch.
5) The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED.
6) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificates. This process is mostly under the control of the release drivers for those products.
Leo, Please see step #1 above.
Blocks: 1410956
Hello Kathleen,

All information on this bug is confirmed accurate.


Leo Grove
Depends on: 1408080

The test build is available here:

To find the binary, for example, for Mac OSX:
- Find the line with OSX that contains tc(B). 
- Click the green B inside that tc(B), and the bottom part of the page will change to show more details of that build.
- In the right hand colum, you see several "artifact uploaded" entries.
- Scroll down that list to find "target.dmg". That's the Mac disk image that you're looking for.

Please test as soon as possible:

Add a comment in this bug as soon as you have completed your testing.
Hello Kathleen,
I can verify that the changes are as expected. I have tested with the Windows, Linux and MacOSX versions and I can confirm that everything appears to be fine.
I have also verified the certdata.txt patch and everything appears to be correct.

Kind regards,
Fotis Loukos Director of Security Architecture
Whiteboard: [ca-tested]
Closed: 4 years ago
Resolution: --- → FIXED
Whiteboard: [ca-tested] → In NSS 3.34, FF 58
You need to log in before you can comment on or make changes to this bug.