Closed Bug 1727941 Opened 2 years ago Closed 1 year ago

Add Certainly R1 and E1 Root Certificates


(CA Program :: CA Certificate Root Program, task, P2)


(Not tracked)



(Reporter: wthayer, Assigned: bwilson)



(Whiteboard: [ca-approved] - In NSS 3.80, FF 103)


(7 files, 1 obsolete file)

Certainly would like to request the inclusion of our RSA (R1) and ECDSA (E1) root certificates.

These roots will only issue TLS server and client authentication certificates.


The CA certificates, CP/CPS, and other policy documents may be found at

The following audit reports are attached to this bug: Root Key Generation Ceremony, Key Protection period, and WTCA and WTBR point-in-time.

Type: enhancement → task
Whiteboard: [ca-initial]
Priority: -- → P3

Ben, ALV is failing because (1) the reports are point-in-time, and (2) they are not hosted on the Auditor's website. Are these acceptable errors, or do I need to do something to correct them?

Flags: needinfo?(bwilson)

I wouldn't worry because those are acceptable errors given the current state of your audits, inclusion application, and the processing capabilities of the ALV system.

Flags: needinfo?(bwilson)
Whiteboard: [ca-initial] → [ca-verifying]
Priority: P3 → P2
Whiteboard: [ca-verifying] → [ca-cps-review] BW 2022-01-28

Version 1.3 of the Certainly CP/CPS has been published to

Attaching an updated self-assessment based on Mozilla's new template and CP/CPS version 1.3.

Attachment #9239293 - Attachment is obsolete: true
Whiteboard: [ca-cps-review] BW 2022-01-28 → [ca-ready-for-discussion 2022-03-21]

Attaching Certainly's value statement (

This review was conducted on 4-Mar-2022 based on an earlier CA Compliance Self Assessment.

Public discussion started today 4-4-2022 with closing of public discussion anticipated for 25-Apr-2022 -

Whiteboard: [ca-ready-for-discussion 2022-03-21] → [ca-in-discussion] 2022-04-04

Public discussion closed today with a recommendation that Certainly's request be approved -

Whiteboard: [ca-in-discussion] 2022-04-04 → [ca-pending-approval] 2022-04-26

The 7-day last-call period has now passed without comment.

Flags: needinfo?(kwilson)

As per Comment #14, and on behalf of Mozilla I approve this request from Certainly LLC to include the following root certificates:

** Certainly Root R1 (Websites)
** Certainly Root E1 (Websites)

I will file the NSS bug for the approved changes.

Flags: needinfo?(kwilson)
Whiteboard: [ca-pending-approval] 2022-04-26 → [ca-approved] - pending NSS code changes

I have filed bug #1768970 against NSS for the actual changes.

Depends on: 1768970
Closed: 1 year ago
Resolution: --- → FIXED
Whiteboard: [ca-approved] - pending NSS code changes → [ca-approved] - In NSS 3.80, FF 103
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.