Root inclusion request for D-TRUST BR Root CA 1 2020
Categories
(CA Program :: CA Certificate Root Program, task, P1)
Tracking
(Not tracked)
People
(Reporter: enrico.entschew, Assigned: bwilson)
References
Details
(Whiteboard: [ca-approved] - in Firefox 100, NSS 3.77)
Attachments
(4 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36 Edg/87.0.664.41
Steps to reproduce:
This is a request for a root inclusion.
http://www.d-trust.net/cgi-bin/D-TRUST_BR_Root_CA_1_2020.crt
CN=D-TRUST BR Root CA 1 2020
O=D-Trust GmbH
(Planned rollover for D-TRUST Root Class 3 CA 2 2009)
Reporter | ||
Comment 1•4 years ago
|
||
Key Ceremony Attestation for D-TRUST BR Root CA 1 2020
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 2•3 years ago
|
||
According to the CCADB we need:
- BR Self-Assessment - https://wiki.mozilla.org/CA/BR_Self-Assessment
- Root Certificate Download URL (see above)
- Three test websites and testing
- Sub CA hierarchy, as applicable
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 3•3 years ago
|
||
Do you have three test websites with certificates that chain up to this root - a valid certificate, an expired certificate, and a revoked certificate? Thanks.
Reporter | ||
Comment 4•3 years ago
|
||
Hallo Ben, please find the requested information here:
Overview of the test websites of D-TRUST BR Root CA 1 2020
Valid: https://certdemo-ov-valid.tls.d-trust.net/
Revoked: https://certdemo-ov-revoked.tls.d-trust.net/
Expired: https://certdemo-ov-expired.tls.d-trust.net/
Furthermore, I submit the CA hierarchy including the Sub CAs in the pdf.
The results of the self assessment will follow after the updated CP, CPS and TSPS are published.
Reporter | ||
Comment 5•3 years ago
|
||
Please find here the CA hierarchy including Root CA and Sub CAs.
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 6•3 years ago
|
||
Awaiting BR Self Assessment, and then this request can be moved to CP/CPS review.
Reporter | ||
Comment 7•3 years ago
|
||
Please find attached the BR self assessment of the D-TRUST BR Root CA 1 2020.
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 8•3 years ago
|
||
CP-CPS review can be found in 4th column of attachment in Bug #1679258 - https://bugzilla.mozilla.org/attachment.cgi?id=9243128
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 9•3 years ago
|
||
CP-CPS Review highlights are posted here: https://bugzilla.mozilla.org/show_bug.cgi?id=1679258#c9
Reporter | ||
Comment 10•3 years ago
|
||
Information to the updated policy documents and revised BR self assessment can be found here: https://bugzilla.mozilla.org/show_bug.cgi?id=1679258#c10 and https://bugzilla.mozilla.org/show_bug.cgi?id=1679258#c11
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 11•2 years ago
|
||
Public discussion started today with a scheduled close of 28-Jan-2022: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/0Ljc_EkPsiQ/m/9XLIROdXBAAJ
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 12•2 years ago
|
||
Public discussion closed without comment and with my recommendation that we include this root CA certificate in NSS with the websites trust bit enabled. See https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/0Ljc_EkPsiQ/m/34f608EgAgAJ
Comment 13•2 years ago
|
||
As per Comment #12, and on behalf of Mozilla I approve this request from D-TRUST to include the following root certificate:
** D-TRUST BR Root CA 1 2020 (Websites)
I will file the NSS bug for the approved changes.
Comment 14•2 years ago
|
||
I have filed bug #1754890 against NSS for the actual changes.
Updated•2 years ago
|
Updated•2 years ago
|
Description
•