Open Bug 1592138 Opened 4 months ago Updated 4 months ago

Add Macao Post eSignTrust root certificate


(NSS :: CA Certificate Root Program, task, enhancement)

Not set


(Not tracked)



(Reporter: kwilson, Assigned: kwilson)


(Whiteboard: [ca-verifying] - KW 2019-10-28 - Comment #2 )

A representative of Macao Post created a Root Inclusion Case here:

The Case was created on 2/28/2019, but I did not ever see a corresponding Bugzilla Bug about it, so creating one now.

The request is to include the following root certificate:
CN=eSignTrust Root Certification Authority (G03); O=Macao Post and Telecommunications Bureau; C=MO
SHA-256 Fingerprint: 0E30D04A94DCC423E26FDC4C24AFCF4923BD80D83B661B06A2F5856361560407
Serial Number: 3CFB7DF47EA4B4C672A03FC3D25C7CC6
Valid From: 1/1/2017
Valid To: 12/31/2041

The "Macao Post eSignTrust Root Certification Authority (G02)" root certificate is currently in Microsoft's program, with the Client Authentication trust bit enabled.

Audit Statement for period 2/1/2017 - 2/28/2018:

Audit Statement for period 3/1/2018 - 2/28/2019:

The link below shows the information that has been verified for this root inclusion request. Search in the page for the word "NEED" to see where further clarification is requested. Please add a comment to this bug when you have provided all of the requested information.

In particular, please provide the following:

  1. Version table or changelog in the CPS.

  2. Check usage of "No stipulation" throughout CPS.
    The words "No Stipulation" mean that the particular document imposes no requirements related to that section.

  3. CPS section that describes how the CA must verify the email address to be included in the certificate.

  4. A public URL through which the CA certificate can be directly downloaded.

  5. Add records for the existing intermediate certs to the CCADB as described here:

Summary: Add Macao Post root certificate → Add Macao Post eSignTrust root certificate
Whiteboard: [ca-verifying] → [ca-verifying] - KW 2019-10-28 - Comment #2
You need to log in before you can comment on or make changes to this bug.