Closed
Bug 1410954
Opened 7 years ago
Closed 7 years ago
Add SSL.com root certificates to NSS
Categories
(NSS :: CA Certificates Code, task)
NSS
CA Certificates Code
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: kathleen.a.wilson, Unassigned)
References
Details
(Whiteboard: In NSS 3.34, FF 58)
Attachments
(4 files)
This bug requests inclusion in the NSS root store of the following root certificates owned by SSL.com. Root Certificate 1 of 4 Friendly Name: SSL.com Root Certification Authority RSA Cert Location: https://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.cer SHA-1 Fingerprint: B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB SHA-256 Fingerprint: 85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69 Trust Flags: Email; Websites Test URL: https://test-ov-rsa.ssl.com Root Certificate 2 of 4 Friendly Name: SSL.com Root Certification Authority ECC Cert Location: https://www.ssl.com/repository/SSLcomRootCertificationAuthorityECC.cer SHA-1 Fingerprint: C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A SHA-256 Fingerprint: 34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65 Trust Flags: Email; Websites Test URL: https://test-ov-ecc.ssl.com Root Certificate 3 of 4 Friendly Name: SSL.com EV Root Certification Authority RSA R2 Cert Location: https://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.pem SHA-1 Fingerprint: 74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A SHA-256 Fingerprint: 2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C Trust Flags: Websites Test URL: https://test-ev-rsa.ssl.com Root Certificate 4 of 4 Friendly Name: SSL.com EV Root Certification Authority ECC Cert Location: www.ssl.com/repository/SSLcomEVRootCertificationAuthorityECC.cer SHA-1 Fingerprint: 4C:DD:51:A3:D1:F5:20:32:14:B0:C6:C5:32:23:03:91:C7:46:42:6D SHA-256 Fingerprint: 22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8 Trust Flags: Websites Test URL: https://test-ev-ecc.ssl.com/ This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug #1277336 The next steps are as follows: 1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificates have been attached. 2) A Mozilla representative creates a patch with the new certificates, and provides a special test version of Firefox. 3) A representative of the CA uses the test version of Firefox to confirm (by adding a comment in this bug) that the certificates have been correctly imported and that websites work correctly. 4) The Mozilla representative requests that another Mozilla representative review the patch. 5) The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED. 6) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificates. This process is mostly under the control of the release drivers for those products.
Reporter | ||
Comment 1•7 years ago
|
||
Reporter | ||
Comment 2•7 years ago
|
||
Reporter | ||
Comment 3•7 years ago
|
||
Reporter | ||
Comment 4•7 years ago
|
||
Reporter | ||
Comment 5•7 years ago
|
||
Leo, Please see step #1 above.
Hello Kathleen, All information on this bug is confirmed accurate. Regards, Leo Grove
Reporter | ||
Comment 7•7 years ago
|
||
Leo, The test build is available here: https://treeherder.mozilla.org/#/jobs?repo=try&revision=28d1a40bfeeeccbe5c8d7ac657d7683ab61055a7 To find the binary, for example, for Mac OSX: - Find the line with OSX that contains tc(B). - Click the green B inside that tc(B), and the bottom part of the page will change to show more details of that build. - In the right hand colum, you see several "artifact uploaded" entries. - Scroll down that list to find "target.dmg". That's the Mac disk image that you're looking for. Please test as soon as possible: https://wiki.mozilla.org/CA/Application_Instructions#Test Add a comment in this bug as soon as you have completed your testing.
Comment 8•7 years ago
|
||
Hello Kathleen, I can verify that the changes are as expected. I have tested with the Windows, Linux and MacOSX versions and I can confirm that everything appears to be fine. I have also verified the certdata.txt patch and everything appears to be correct. Kind regards, Fotis Loukos SSL.com Director of Security Architecture
Reporter | ||
Updated•7 years ago
|
Whiteboard: [ca-tested]
Reporter | ||
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Whiteboard: [ca-tested] → In NSS 3.34, FF 58
You need to log in
before you can comment on or make changes to this bug.
Description
•