Closed
Bug 1478476
Opened 6 years ago
Closed 6 years ago
Add GlobalSign Root CA - R6 root certificate to NSS
Categories
(NSS :: CA Certificates Code, task)
NSS
CA Certificates Code
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: kathleen.a.wilson, Unassigned)
References
Details
(Whiteboard: In NSS 3.39, Firefox 63)
Attachments
(6 files)
This bug requests inclusion in the NSS root store of the following root certificates owned by GlobalSign. Friendly Name: GlobalSign Root CA - R6 Cert Location: http://secure.globalsign.com/cacert/root-r6.crt SHA-1 Fingerprint: 8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 SHA-256 Fingerprint: 2CABEAFE37D06CA22ABA7391C0033D25982952C453647349763A3AB5AD6CCF69 Trust Flags: Email; Websites Test URL: https://valid.r6.roots.globalsign.com/ This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug #1390803. The next steps are as follows: 1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificates have been attached. 2) A Mozilla representative creates a patch with the new certificates, and provides a special test version of Firefox. 3) A representative of the CA uses the test version of Firefox to confirm (by adding a comment in this bug) that the certificates have been correctly imported and that websites work correctly. 4) The Mozilla representative requests that another Mozilla representative review the patch. 5) The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED. 6) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificates. This process is mostly under the control of the release drivers for those products.
Reporter | ||
Comment 1•6 years ago
|
||
Comment 3•6 years ago
|
||
Hi Kathleen, I approve the information provided above is correct. Thanks!
Flags: needinfo?(julie.olson)
Reporter | ||
Comment 4•6 years ago
|
||
Thanks, Julie. Root inclusions are usually grouped and done as a batch when there is either a large enough set of changes or about every 3 months. It just happens that we are about to start the planned July batch of root changes. A test build will be provided and this bug will be updated to request that you test it. Since you are cc'd on this bug, you will get notification via email when that happens.
Reporter | ||
Comment 5•6 years ago
|
||
Julie, The test build is available here: https://treeherder.mozilla.org/#/jobs?repo=try&revision=b995d66b28d86bfb0ad5d97c07570c7d940af9a3 Please test as described here: https://wiki.mozilla.org/CA/Application_Instructions#Test Then add a comment in this bug as soon as you have completed your testing.
Comment 6•6 years ago
|
||
Hi Kathleen, I was able to successfully test the certificate, I think. I'm afraid there were no directions for how to test the certificate on a Windows computer. This is the process I followed, please let me know if I should have done something else: 1. There was no downloadable build for a Windows computer other than Windows server 2012, so I had an engineer build a virtual machine for me. This machine didn't have Firefox installed so there was no need to create a new profile. 2. I downloaded the "Windows 2012 x64 opt" build and downloaded "target.installer.exe." 3. The set up wizard took me through the rest of the process to view Firefox Nightly. I was able to view the certificate in the browser's Options area and confirmed it was marked as "Builtin Object Token." I was also able to view our test site which chains to the certificate. Please let me know if this process works and confirms the test was successful. Thanks, Julie.
Reporter | ||
Comment 7•6 years ago
|
||
I don't have a Windows system, but it sounds like you were able to successfully download the test build and make sure the expected root cert is included and working. Thanks!
Reporter | ||
Updated•6 years ago
|
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Whiteboard: In NSS 3.39, Firefox 63
Comment 8•5 years ago
|
||
GlobalSign Audit Report - 2019 - WebTrust CA
Comment 9•5 years ago
|
||
GlobalSign Audit Report - 2019 - WebTrust EV CS
Comment 10•5 years ago
|
||
GlobalSign Audit Report - 2019 - WebTrust EV SSL
Comment 11•5 years ago
|
||
GlobalSign Audit Report - 2019 - WebTrust PTCS
Comment 12•5 years ago
|
||
GlobalSign Audit Report - 2019 - WebTrust SSL
You need to log in
before you can comment on or make changes to this bug.
Description
•