Closed Bug 1478476 Opened 6 years ago Closed 6 years ago

Add GlobalSign Root CA - R6 root certificate to NSS

Categories

(NSS :: CA Certificates Code, task)

Product:
NSS
Component:
CA Certificates Code
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: kathleen.a.wilson, Unassigned)

References

Details

(Whiteboard: In NSS 3.39, Firefox 63)

Attachments

(6 files)

GlobalSign-root-R6.crt
1.96 KB, application/x-x509-ca-cert
Details
19 - Globalsign - WebTrust CA - Report of Independent Certified Public ....pdf
857.88 KB, application/pdf
Details
19 - Globalsign - WebTrust EV CS - Report of Independent Certified Public Accountant & Management assertion.pdf
616.21 KB, application/pdf
Details
19 - Globalsign - WebTrust EV SSL - Report of Independent Certified Publ....pdf
622.18 KB, application/pdf
Details
19 - Globalsign - WebTrust PTC - Report of Independent Certified Public ....pdf
624.52 KB, application/pdf
Details
19 - Globalsign - WebTrust SSL - Report of Independent Certified Public Accountant & Management assertion.pdf
736.38 KB, application/pdf
Details 
This bug requests inclusion in the NSS root store of the following root certificates owned by GlobalSign. 

Friendly Name: GlobalSign Root CA - R6
Cert Location: http://secure.globalsign.com/cacert/root-r6.crt
SHA-1 Fingerprint: 8094640EB5A7A1CA119C1FDDD59F810263A7FBD1
SHA-256 Fingerprint: 2CABEAFE37D06CA22ABA7391C0033D25982952C453647349763A3AB5AD6CCF69
Trust Flags: Email; Websites
Test URL: https://valid.r6.roots.globalsign.com/

This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug #1390803.

The next steps are as follows:
1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificates have been attached.
2) A Mozilla representative creates a patch with the new certificates, and provides a special test version of Firefox.
3) A representative of the CA uses the test version of Firefox to confirm (by adding a comment in this bug) that the certificates have been correctly imported and that websites work correctly.
4) The Mozilla representative requests that another Mozilla representative review the patch.
5) The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED.
6) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificates. This process is mostly under the control of the release drivers for those products.
Attached file GlobalSign-root-R6.crt 

    
    

    
  
Julie, Please see step #1 above.
Flags: needinfo?(julie.olson)

    
    

    
  
Hi Kathleen,

I approve the information provided above is correct.

Thanks!
Flags: needinfo?(julie.olson)

    
  
Blocks: 1478480

    
    

    
  
Thanks, Julie.

Root inclusions are usually grouped and done as a batch when there is either a large enough set of changes or about every 3 months. It just happens that we are about to start the planned July batch of root changes.

A test build will be provided and this bug will be updated to request that you test it. Since you are cc'd on this bug, you will get notification via email when that happens.

    
  
Depends on: 1478638

    
    

    
  
Julie,

The test build is available here:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=b995d66b28d86bfb0ad5d97c07570c7d940af9a3

Please test as described here:
https://wiki.mozilla.org/CA/Application_Instructions#Test

Then add a comment in this bug as soon as you have completed your testing.

    
    

    
  
Hi Kathleen,

I was able to successfully test the certificate, I think. I'm afraid there were no directions for how to test the certificate on a Windows computer. This is the process I followed, please let me know if I should have done something else:

1. There was no downloadable build for a Windows computer other than Windows server 2012, so I had an engineer build a virtual machine for me. This machine didn't have Firefox installed so there was no need to create a new profile.
2. I downloaded the "Windows 2012 x64 opt" build and downloaded "target.installer.exe."
3. The set up wizard took me through the rest of the process to view Firefox Nightly. I was able to view the certificate in the browser's Options area and confirmed it was marked as "Builtin Object Token." I was also able to view our test site which chains to the certificate.

Please let me know if this process works and confirms the test was successful.

Thanks,
Julie.

    
    

    
  
I don't have a Windows system, but it sounds like you were able to successfully download the test build and make sure the expected root cert is included and working. Thanks!

    
  
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Whiteboard: In NSS 3.39, Firefox 63

    
    

    
  


  
GlobalSign Audit Report - 2019 - WebTrust CA



    
    

    
  


  
GlobalSign Audit Report - 2019 - WebTrust EV SSL



    
    

    
  


  
GlobalSign Audit Report - 2019 - WebTrust PTCS



          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: