Closed Bug 1764210 Opened 4 years ago Closed 4 years ago

Add 4 DigiCert root certificates to NSS

Categories

(NSS :: CA Certificates Code, task)

Product:
NSS
Component:
CA Certificates Code
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: kathleen.a.wilson, Unassigned)

References

Details

Attachments

(2 files)

DigiCertSMIMEECCP384RootG5.crt.pem
805 bytes, application/x-x509-ca-cert
Details
DigiCertSMIMERSA4096RootG5.crt.pem
1.92 KB, application/x-x509-ca-cert
Details

This bug requests inclusion in the NSS root store of the following root certificates owned by DigiCert.

The Cert at the Cert Location does not have the Fingerprints listed here and in the CCADB Case
Friendly Name: DigiCert TLS RSA4096 Root G5
Cert Location: https://cacerts.digicert.com/DigiCertRSA4096RootG5.crt.pem
SHA-1 Fingerprint: A78849DC5D7C758C8CDE399856B3AAD0B2A57135
SHA-256 Fingerprint: 371A00DC0533B3721A7EEB40E8419E70799D2B0A0F2C1D80693165F7CEC4AD75
Trust Flags: Websites
Test URL: https://digicert-tls-rsa4096-root-g5.chain-demos.digicert.com/

The Cert at the Cert Location does not have the Fingerprints listed here and in the CCADB Case
Friendly Name: DigiCert TLS ECC P384 Root G5
Cert Location: https://cacerts.digicert.com/DigiCertECCP384RootG5.crt.pem
SHA-1 Fingerprint: 17F3DE5E9F0F19E98EF61F32266E20C407AE30EE
SHA-256 Fingerprint: 018E13F0772532CF809BD1B17281867283FC48C6E13BE9C69812854A490C1B05
Trust Flags: Websites
Test URL: https://digicert-tls-ecc-p384-root-g5.chain-demos.digicert.com/

The following two certs are OK
Friendly Name: DigiCert SMIME RSA4096 Root G5
Cert Location: https://cacerts.digicert.com/DigiCertSMIMERSA4096RootG5.crt.pem
SHA-1 Fingerprint: 5BC5ADE29AA754DA848953A5FED75B4686D05708
SHA-256 Fingerprint: 90370D3EFA88BF58C30105BA25104A358460A7FA52DFC2011DF233A0F417912A
Trust Flags: Email

Friendly Name: DigiCert SMIME ECC P384 Root G5
Cert Location: https://cacerts.digicert.com/DigiCertSMIMEECCP384RootG5.crt.pem
SHA-1 Fingerprint: 1CB8A708C90D207901A0B2367FF09565E45324FE
SHA-256 Fingerprint: E8E8176536A60CC2C4E10187C3BEFCA20EF263497018F566D5BEA0F94D0C111B
Trust Flags: Email

This CA has been assessed in accordance with the Mozilla project guidelines, and the certificates approved for inclusion in bug #1706228

The next steps are as follows:

  1. A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificates have been attached.
  2. A Mozilla representative creates a patch with the new certificates.
  3. The Mozilla representative requests that another Mozilla representative review the patch.
  4. The Mozilla representative adds (commits) the patch to NSS, then closes this bug as RESOLVED FIXED.
  5. At some time after that, various Mozilla products will move to using a version of NSS which contains the certificates. This process is mostly under the control of the release drivers for those products.

It appears that the file download URLs for the two TLS roots in the CCADB were missing "TLS" in the file names. I've updated the CCADB root cases to point to the following two PEM files:

https://cacerts.digicert.com/DigiCertTLSRSA4096RootG5.crt.pem
https://cacerts.digicert.com/DigiCertTLSECCP384RootG5.crt.pem

Flags: needinfo?(martin.sullivan)
Flags: needinfo?(brenda.bernal)

I'll close this bug and start a clean bug.

Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(martin.sullivan)
Flags: needinfo?(brenda.bernal)
Resolution: --- → INVALID
No longer depends on: 1764206
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: