Closed Bug 1641716 Opened 2 months ago Closed 2 months ago

Add Microsoft's non-EV root certificates to NSS

Categories

(NSS :: CA Certificates Code, enhancement, P1)

3.54
enhancement

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: kwilson, Assigned: jcj)

References

(Blocks 1 open bug)

Details

Attachments

(3 files)

This bug requests inclusion in the NSS root store of the following root certificates owned by Microsoft Corporation.

Friendly Name: Microsoft ECC Root Certificate Authority 2017
Cert Location: http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Root%20Certificate%20Authority%202017.crt
SHA-1 Fingerprint: 999A64C37FF47D9FAB95F14769891460EEC4C3C5
SHA-256 Fingerprint: 358DF39D764AF9E1B766E9C972DF352EE15CFAC227AF6AD1D70E8E4A6EDCBA02
Trust Flags: Websites
Test URL: https://acteccroot2017.pki.microsoft.com/

Friendly Name: Microsoft RSA Root Certificate Authority 2017
Cert Location: http://www.microsoft.com/pkiops/certs/Microsoft%20RSA%20Root%20Certificate%20Authority%202017.crt
SHA-1 Fingerprint: 73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74
SHA-256 Fingerprint: C741F70F4B2A8D88BF2E71C14122EF53EF10EBA0CFA5E64CFA20F418853073E0
Trust Flags: Websites
Test URL: https://actrsaroot2017.pki.microsoft.com/

This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug #1448093

The next steps are as follows:

  1. A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificates have been attached.
  2. A Mozilla representative creates a patch with the new certificates, and provides a special test version of Firefox.
  3. A representative of the CA uses the test version of Firefox to confirm (by adding a comment in this bug) that the certificates have been correctly imported and that websites work correctly.
  4. The Mozilla representative requests that another Mozilla representative review the patch.
  5. The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED.
  6. At some time after that, various Mozilla products will move to using a version of NSS which contains the certificates. This process is mostly under the control of the release drivers for those products.

John, Please see step #1 above.

Flags: needinfo?(johnmas)

I and several of my colleagues have double checked the information above and the attached files and confirm the information and the attachments are correct.

Flags: needinfo?(johnmas)
Assignee: nobody → jjones
Severity: normal → S3
Status: NEW → ASSIGNED
Priority: -- → P1
Version: trunk → 3.54

Friendly Name: Microsoft ECC Root Certificate Authority 2017
Cert Location: http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Root%20Certificate%20Authority%202017.crt
SHA-1 Fingerprint: 999A64C37FF47D9FAB95F14769891460EEC4C3C5
SHA-256 Fingerprint: 358DF39D764AF9E1B766E9C972DF352EE15CFAC227AF6AD1D70E8E4A6EDCBA02
Trust Flags: Websites
Test URL: https://acteccroot2017.pki.microsoft.com/

Friendly Name: Microsoft RSA Root Certificate Authority 2017
Cert Location: http://www.microsoft.com/pkiops/certs/Microsoft%20RSA%20Root%20Certificate%20Authority%202017.crt
SHA-1 Fingerprint: 73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74
SHA-256 Fingerprint: C741F70F4B2A8D88BF2E71C14122EF53EF10EBA0CFA5E64CFA20F418853073E0
Trust Flags: Websites
Test URL: https://actrsaroot2017.pki.microsoft.com/

Depends on D79370

Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 3.54
You need to log in before you can comment on or make changes to this bug.