Closed Bug 252610 Opened 21 years ago Closed 19 years ago

Add a.trust CA Certificate to builtin certificates

Categories

(CA Program :: CA Certificate Root Program, task, P2)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 373746

People

(Reporter: sabet, Assigned: hecker)

References

(
URL
)

Details

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Build Identifier: we at a.trust get a lot of requests from our customers, why our CA Certificate ist only included in MS Internet Explorer. a.trust (founded in February 17, 2000) ist the only accredited TrustCenter in Austria issuing smartcard based qualified certificates for Austrian citizen used in eGovernment, etc. In March 11, 2002 A-Trust has been accredited according to § 17 of the Austrian Signature Law by Telekom-Control-Kommission, the Austrian supervisory body. A-Trust’s product range comprises user certificates, developer certificates and corporate certificates as well as consultation services and support with the development of e commerce and signature applications in accordance with the Directive 1999/93/EC. OCSP : http://ocsp.a-trust.at CPS: http://www.a-trust.at/docs/cps/a-sign-Premium/a-sign-premium.pdf Audit: Telekom Control Commission http://www.signatur.rtr.at/en/providers/providers/atrust.html http://www.signatur.rtr.at/en/providers/services/atrust-asign- premium.html Certificate: http://www.a-trust.at/certs/A-Trust-Qual-01a.crt http://www.a-trust.at/certs/A-Trust-nQual-01a.crt CRL: ldap://ldap.a-trust.at/ou=A-Trust-Qual-01,o=A-Trust,c=AT? certificateRevocationList;binary? ldap://ldap.a-trust.at/ou=A-Trust-nQual-01,o=A-Trust,c=AT? certificateRevocationList;binary? Reproducible: Always Steps to Reproduce: 1. 2. 3.
Well in the meantime we issued new certificates: with longer validity (until 2014) and UTF-8 encoding. All new certificates will be issued using only: http://www.a-trust.at/certs/A-Trust-Qual-02a.crt The certificates have been reissued based on the same key for validation purposes. http://www.a-trust.at/certs/A-Trust-Qual-01a.crt http://www.a-trust.at/certs/A-Trust-nQual-01a.crt The new CRL-Distribution-Points: ldap://ldap.a-trust.at/ou=A-Trust-Qual-02,o=A-Trust,c=AT? certificaterevocationlist?base?objectclass=eidCertificationAuthority ldap://ldap.a-trust.at/ou=A-Trust-Qual-01,o=A-Trust,c=AT? certificaterevocationlist?base?objectclass=eidCertificationAuthority ldap://ldap.a-trust.at/ou=A-Trust-nQual-01,o=A-Trust,c=AT? certificaterevocationlist?base?objectclass=eidCertificationAuthority regards, Ramin
My apologies for the delay in answering you. As I recall, the issue is how your CA has been audited, and whether the Austrian accreditation is sufficient for our purposes. As a first step, could you tell me if or how this relates to ETSI TS 101.456? (This has been proposed as a criteria we could use for how CAs operate, similar to WebTrust and ANSI X9.79.)
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
The chain of Trust we are refering to is the following: according to the Austrian supervisory authority Telekom-Control-Kommission a.trust is a accredited Trustcenter: http://signatur.rtr.at/en/providers/providers/atrust.html According to the European Signature Directive: http://europa.eu.int/information_society/eeurope/2005/all_about/security/esigna tures/index_en.htm in Austria the Telekom-Control-Kommission is responsible for Accreditation and supervision. Our Policy http://www.a-trust.at/docs/cp/a-sign-premium/a-sign-premium.pdf confirms the compliance with ETSI TS 101 456 (Page 4)
Status: ASSIGNED → NEW
Long time since we received the last answer, is there anything else we can provide ? regards Ramin
QA Contact: ca-certificates
Priority: -- → P2
This document is now a "404 Not Found": http://www.a-trust.at/docs/cp/a-sign-premium/a-sign-premium.pdf Given the age of this request and the fact that some parts of the information provided are out of date, it would help us if you were to restate the request. Please provide the following data in the following format, as a *plain text comment* in this bug. This will help me do whatever evaluation is necessary, and then will be part of a public record describing the Mozilla default root certificates. CA Details ---------- CA Name: Website: One Paragraph Summary of CA, including the following: - General nature (e.g., commercial, government, academic/research, nonprofit) - Primary geographical area(s) served - Number and type of subordinate CAs Audit Type (WebTrust, ETSI etc.): Auditor: Auditor Website: Audit Document URL(s): Certificate Details ------------------- (To be completed once for each certificate) Certificate Name: Summary Paragraph, including the following: - End entity certificate issuance policy Certificate HTTP URL (on CA website): Version: SHA1 Fingerprint: MD5 Fingerprint: Modulus Length (a.k.a. "key length"): Valid From (YYYY-MM-DD): Valid To (YYYY-MM-DD): CRL HTTP URL: OCSP URL: Class (domain-validated, identity-validated or EV): Certificate Policy URL: CPS URL: Requested Trust Indicators (email and/or SSL and/or code): Thanks for your help in this matter. :-) Gerv
as requested a new bug has been reported: https://bugzilla.mozilla.org/show_bug.cgi?id=373746
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Blocks: 373746
Product: mozilla.org → NSS
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.