Add Hongkong Post Root CA 3 root certificate to NSS
Categories
(NSS :: CA Certificates Code, task)
Tracking
(Not tracked)
People
(Reporter: kathleen.a.wilson, Unassigned)
References
Details
(Whiteboard: In NSS 3.43, FF 67)
Attachments
(1 file, 2 obsolete files)
2.06 KB,
application/x-x509-ca-cert
|
Details |
This bug requests inclusion in the NSS root store of the following root certificates owned by Hongkong Post Certification Authority (HKPCA).
Friendly Name: Hongkong Post Root CA 3
Cert Location: https://bugzilla.mozilla.org/attachment.cgi?id=8980482
SHA-256 Fingerprint: 5A2FC03F0C83B090BBFA40604B0988446C7636183DF9846E17101A447FB8EFD6
Trust Flags: Websites
Test URL: https://valid-ev.ecert.gov.hk/
This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug #1464306
The next steps are as follows:
- A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificate has been attached.
- A Mozilla representative creates a patch with the new certificate, and provides a special test version of Firefox.
- A representative of the CA uses the test version of Firefox to confirm (by adding a comment in this bug) that the certificate has been correctly imported and that websites work correctly.
- The Mozilla representative requests that another Mozilla representative review the patch.
- The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED.
- At some time after that, various Mozilla products will move to using a version of NSS which contains the certificates. This process is mostly under the control of the release drivers for those products.
Kathleen,
I confirm that the Hongkong Post Root CA3(PEM).cer at https://bugzilla.mozilla.org/attachment.cgi?id=9048619 is correct.
However, I'm sorry that the Cert Location https://bugzilla.mozilla.org/attachment.cgi?id=8980482 contains a wrong intermediate CA certificate file "Hongkong Post Root CA3 (Cross-signed by CA1)(PEM).cer". Please replace that file by the one attached here https://bugzilla.mozilla.org/attachment.cgi?id=9048757
If you have any questions, please feel free to let me know.
Man
Reporter | ||
Comment 4•5 years ago
|
||
Reporter | ||
Comment 5•5 years ago
|
||
Man, Please confirm:
-
That the correct root certificate is attached as HongkongPostRootCA3.crt
-
That https://crt.sh/?id=815792915 points to the correct cert to include.
Yes, I confirm that both 1. & 2. are correct.
Reporter | ||
Comment 7•5 years ago
|
||
Man, This root cert has been added to Firefox Nightly, which you can test as described here:
https://wiki.mozilla.org/CA/Application_Instructions#Test
Except that rather than using a test build as described in step #1, use Firefox Nightly:
https://www.mozilla.org/en-US/firefox/channel/desktop/#nightly
We followed the instruction to test this root cert. I confirm that this root cert has been added as Builtin Object Token, and our SSL certificate can successfully chain to this root cert.
Reporter | ||
Comment 9•5 years ago
|
||
(In reply to Man Ho from comment #8)
We followed the instruction to test this root cert. I confirm that this root cert has been added as Builtin Object Token, and our SSL certificate can successfully chain to this root cert.
Thanks!
Reporter | ||
Updated•5 years ago
|
Description
•