Enable EV Treatment for D-TRUST EV Root CA 1 2020 root certificate
Categories
(Core :: Security: PSM, task)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox100 | --- | fixed |
People
(Reporter: kathleen.a.wilson, Assigned: jschanck)
Attachments
(1 file)
Per bug #1679258 the request from D-TRUST has been approved to enable the following root certificates for EV use. Please make the corresponding changes to PSM.
Friendly Name: D-TRUST EV Root CA 1 2020
SHA-1 Fingerprint: 61DB8C2159690390D87C9C128654CF9D3DF4DD07
SHA-256 Fingerprint: 08170D1AA36453901A2F959245E347DB0C8D37ABAABC56B81AA100DC958970DB
EV Policy OID: 2.23.140.1.1
Test URL: https://certdemo-ev-valid.tls.d-trust.net/
NOTE: Bug #1754890 must be completed (the cert added to NSS), before this EV-enablement may be implemented.
Comment 1 (Assignee) • 3 years ago
Comment 3 • 3 years ago
bugherder
Comment 4 (Reporter) • 3 years ago
Enrico,
Please update the EV TLS certificate for https://certdemo-ev-valid.tls.d-trust.net/ to contain website owner information.
Background:
I'm trying to test this EV-enablement in Firefox Nightly, but when I browse to https://certdemo-ev-valid.tls.d-trust.net/ no website owner information is displayed. So I view the certificate, and it says:
Website Identity
Website: certdemo-ev-valid.tls.d-trust.net
Owner: This website does not supply ownership information.
Thanks,
Kathleen
Comment 5 • 3 years ago
Kathleen,
I acknowledge your message. We have checked the EV TLS certificate of the test website and could not find any irregularity. Could you please provide us with more information about what could be the reason for this behaviour so that we can make the necessary changes and issue a new certificate?
Thanks,
Enrico
Comment 6 (Reporter) • 3 years ago
Hi Enrico,
It appears that the problem is that the server certificate needs to have the 2.23.140.1.1 OID first.
Reference: https://wiki.mozilla.org/CA/EV_Processing_for_CAs#First_OID
Please add a comment to this bug when the certificate for https://certdemo-ev-valid.tls.d-trust.net/ has been updated.
Thanks,
Kathleen
Comment 7 (Reporter) • 3 years ago
Per Bug #1769150 we are considering updating the PSM in Firefox so that the EV Policy OID does not have to be first. The earliest that would happen is Firefox 103.