Closed Bug 1466252 Opened 2 years ago Closed 10 months ago
Cybertrust Japan: three test websites not provided
Section 2.2 of the BR says: "The CA SHALL host test Web pages that allow Application Software Suppliers to test their software with Subscriber Certificates that chain up to each publicly trusted Root Certificate. At a minimum, the CA SHALL host separate Web pages using Subscriber Certificates that are (i) valid, (ii) revoked, and (iii) expired."
These three test websites are not provided for the following root certificate:
CN=SecureSign RootCA11
SHA-256 Fingerprint: BF:0F:EE:FB:9E:3A:58:1A:D5:F9:E9:DB:75:89:98:57:43:D2:61:08:5C:4D:31:4F:6F:5D:72:59:AA:42:16:12
This root cert needs to be in full compliance with Mozilla's Root Store Policy and the CA/Browser Forum's Baseline Requirements, which includes having the 3 test websites. Or this root cert needs to be removed.
Hi, please let us check/discuss internally and update here.
We are preparing to issue the test websites. They will be ready for the public at least by the end of September.
Regarding the test website, could you please wait a little more until October 19th? We encountered an error while we tried to access the new test website for which we configured the SSL certificate issued from our new technically constrained SubCA under the JCSI root. After our investigation, we found that we should make the SubCA again to revise the value of the Name Constraints extension in the SubCA certificate. So, please allow us some more time.
Whiteboard: [ca-compliance] → [ca-compliance] - Next update 19-Oct-2018
The following are the URLs of our test websites (valid, expired, revoked):
https://jcsi-valid.managedpki.ne.jp/
https://jcsi-expired.managedpki.ne.jp/
https://jcsi-revoke.managedpki.ne.jp/
We wrote the above info in the Case Comments on CCADB.
These test websites look good to me, so I added them to the Root Cert Record in the CCADB. I believe this bug may be closed.
Kathleen-san, Thank you.
Test websites are one of the most basic requirements placed on CAs. From comment #2, I am led to believe that these test websites never existed. Please explain why these websites did not exist, and how Cybertrust Japan was able to obtain an unqualified opinion from KPMG AZSA for the period ending February 28, 2018. Also, has Cybertrust Japan undertaken a thorough internal review to ensure that they are in full compliance with the BRs and Mozilla policy? If so, what were the results?
Masahiro: please respond to the questions in comment #7. It is not acceptable for you to ignore these questions.
Assignee: wthayer → masahiro.shikutani
Status: ASSIGNED → RESOLVED
Closed: 10 months ago
Resolution: --- → FIXED