Closed Bug 1515457 Opened 6 years ago Closed 6 years ago

Add eMudhra Technologies Limited root certificates to NSS

Categories

(NSS :: CA Certificates Code, enhancement)

Product:
NSS
Component:
CA Certificates Code
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: kathleen.a.wilson, Unassigned)

References

Details

(Whiteboard: In NSS 3.43, FF 67)

Attachments

(4 files)

emSignRootCA-G1.crt
1.29 KB, application/x-x509-ca-cert
Details
emSignECCRootCA-G3.crt
874 bytes, application/x-x509-ca-cert
Details
emSignRootCA-C1.crt
1.25 KB, application/x-x509-ca-cert
Details
emSignECCRootCA-C3.crt
828 bytes, application/x-x509-ca-cert
Details
This bug requests inclusion in the NSS root store of the following root certificates owned by eMudhra Technologies Limited. Friendly Name: emSign Root CA - G1 Cert Location: https://repository.emsign.com/certs/emSignRootCAG1.crt SHA-256 Fingerprint: 40F6AF0346A99AA1CD1D555A4E9CCE62C7F9634603EE406615833DC8C8D00367 Trust Flags: Email; Websites Test URL: https://testevg1.emSign.com Friendly Name: emSign ECC Root CA - G3 Cert Location: https://repository.emsign.com/certs/emSignECCRootCAG3.crt SHA-256 Fingerprint: 86A1ECBA089C4A8D3BBE2734C612BA341D813E043CF9E8A862CD5C57A36BBE6B Trust Flags: Email; Websites Test URL: https://testevg3.emsign.com Friendly Name: emSign Root CA - C1 Cert Location: https://repository.emsign.com/certs/emSignRootCAC1.crt SHA-256 Fingerprint: 125609AA301DA0A249B97A8239CB6A34216F44DCAC9F3954B14292F2E8C8608F Trust Flags: Email; Websites Test URL: https://testevc1.emsign.com Friendly Name: emSign ECC Root CA - C3 Cert Location: https://repository.emsign.com/certs/emSignECCRootCAC3.crt SHA-256 Fingerprint: BC4D809B15189D78DB3E1D8CF4F9726A795DA1643CA5F1358E1DDB0EDC0D7EB3 Trust Flags: Email; Websites Test URL: https://testevc3.emsign.com This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug #1442337 The next steps are as follows: 1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificates have been attached. 2) A Mozilla representative creates a patch with the new certificates, and provides a special test version of Firefox. 3) A representative of the CA uses the test version of Firefox to confirm (by adding a comment in this bug) that the certificates have been correctly imported and that websites work correctly. 4) The Mozilla representative requests that another Mozilla representative review the patch. 5) The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED. 6) At some time after that, various Mozilla products will move to using a version of NSS which contains the certificates. This process is mostly under the control of the release drivers for those products.
Attached file emSignRootCA-G1.crt
Attached file emSignECCRootCA-G3.crt
Attached file emSignRootCA-C1.crt
Attached file emSignECCRootCA-C3.crt
Vijay, Please see step #1 above.
Blocks: 1515465
(In reply to Kathleen Wilson from comment #5) > Vijay, Please see step #1 above. I have reviewed this information, and the data in this bug are correct (including the certificates attached). Thank you.
Thanks for confirming that the information in this bug is correct. Root inclusions are usually grouped and done as a batch when there is either a large enough set of changes or about every 3 months. When the changes are made, a test build will be provided and this bug will be updated to request that you test it. Since you are cc'd on this bug, you will get notification via email when that happens.
Depends on: 1533087

Vijay,These root certs have been added to Firefox Nightly, which you can test as described here:
https://wiki.mozilla.org/CA/Application_Instructions#Test
Except that rather than using a test build as described in step #1, use Firefox Nightly:
https://www.mozilla.org/en-US/firefox/channel/desktop/#nightly

Flags: needinfo?(vijay)

Thanks Kathleen.

Success:
We are able to verify this by installing the latest nightly build. Verified the presence in Options > Privacy & Security > Certificates > View Certificates. And also verified with the test URLS and getting the successful trust. Verified the trust bits for both web & email.

Doubt:
However, when we visit EV test website, it is not 'displaying the name of the certificate holder'. (Eg: https://testevg1.emsign.com/RootEVG1.html)

Please let me know.

Flags: needinfo?(vijay)

(In reply to Vijay Kumar from comment #9)

Thanks Kathleen.

Success:
We are able to verify this by installing the latest nightly build. Verified the presence in Options > Privacy & Security > Certificates > View Certificates. And also verified with the test URLS and getting the successful trust. Verified the trust bits for both web & email.

Thanks!

Doubt:
However, when we visit EV test website, it is not 'displaying the name of the certificate holder'. (Eg: https://testevg1.emsign.com/RootEVG1.html)

EV treatment gets enabled via a separate bug (Bug #1515465) after the root has been included in NSS.

(In reply to Kathleen Wilson from comment #10)

EV treatment gets enabled via a separate bug (Bug #1515465) after the root has been included in NSS.

Thanks Kathleen. That clarifies.

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Whiteboard: In NSS 3.43, FF 67
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: