Add CERN Certification Authorities and Root Certificates
Categories
(CA Program :: CA Certificate Root Program, enhancement)
Tracking
(Not tracked)
People
(Reporter: guilherme, Assigned: kathleen.a.wilson)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Steps to reproduce:
I would like to request the inclusion of CERN (https://home.cern) certificates in NSS.
The files are available at https://cafiles.cern.ch/cafiles/ and are used by CERN websites. See also https://cafiles.cern.ch/cafiles/certificates/Cern.aspx and https://cafiles.cern.ch/cafiles/certificates/Grid.aspx.
|
||
Comment 1•4 years ago
|
||
Do you represent CERN?
The process is that a representative of the CA needs to apply, as described in https://wiki.mozilla.org/CA/Application_Process . The CA also needs to comply with the Mozilla Root Store Policy and the CCADB Policy. I didn't see any evidence at the website that these certificates did, and certificates that have not complied since their keys were created are required to generate new certificates and keys that fully comply (e.g. meet all the necessary audit criteria).
In general, this means that no CA part of the IGTF will be trusted or included within NSS.
|
Reporter | |
Comment 2•4 years ago
|
||
My apologies. I work at CERN, but I do not represent the Certificate Authority there. I only realized how complex the application process was after filing this request. I filed an internal request at CERN once the application process at https://wiki.mozilla.org/CA/Application_Process was pointed out to me, but it seems that at least at the moment there is no intent to apply.
|
||
Updated•2 years ago
|
Description
•