Closed Bug 289475 Opened 20 years ago Closed 20 years ago

GeoTrust / Equifax root certificates not marked for S/Mime and new root insertion

Categories

(CA Program :: CA Certificate Root Program, task)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 289988

People

(Reporter: cbailey, Assigned: hecker)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 The roots below are only mared for SSL Certificate Authority. We need to mark the following certificates: Equifax Secure CA Equifax Secure eBusiness CA-2 Equifax Secure Global CA-1 Equifax Secure eBusiness CA-1 With the following uses: SSL Server Certificate Email Signer Certificate Email Recipient Certificate SSL Certificate Authority Status Responder Certificate Additionally, we would like to insert 3 of our next generation of CA certificates and mark them for the same usages as above. Root 1 GeoTrust Universal CA https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Universal_CA.cer (Base-64 encoded X.509) Organization: GeoTrust Inc. Country: US Serial Number: 01 Validity Period: Tue March 04, 2004 to Sun March 04, 2029 (GMT) Certificate Fingerprint (MD5): 92:65:58:8B:A2:1A:31:72:73:68:5C:B4:A5:7A:07:48 Certificate Fingerprint (SHA-1): e6:21:f3:35:43:79:05:9a:4b:68:30:9d:8a:2f:74:22:15:87:ec:79 Key Length: 4096 Root 2 GeoTrust Global CA2 https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA2.cer (Base-64 encoded X.509) Organization: GeoTrust Inc. Country: US Serial Number: 01 Validity Period: Tue March 04, 2004 to Sun March 04, 2019 (GMT) Certificate Fingerprint (MD5): 0E:40:A7:6C:DE:3:5D:8F:D1:F:E4:D1:8D:F9:6C:A9 Certificate Fingerprint (SHA-1): a9:e9:78:08:14:37:58:88:f2:05:19:b0:6d:2b:0d:2b:60:16:90:7d Key Length: 2048 Root 3 GeoTrust Universal CA2 https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Universal_CA2.cer (Base-64 encoded X.509) Organization: GeoTrust Inc. Country: US Serial Number: 01 Validity Period: Tue March 04, 2004 to Sun March 04, 2029 (GMT) Certificate Fingerprint (MD5): 34:FC:B8:D0:36:DB:9E:14:B3:C2:F2:DB:8F:E4:94:C7 Certificate Fingerprint (SHA-1): 37:9a:19:7b:41:85:45:35:0c:a6:03:69:f3:3c:2e:af:47:4f:20:79 Key Length: 4096 Please contact Chris Bailey, CTO of GeoTrust if you have any questions. Chris Bailey cbailey@geotrust.com 678-595-7999 (cell) Reproducible: Always
Status: UNCONFIRMED → NEW
Ever confirmed: true
Chris, To see the trust settings on your root CA certs, you should select a cert and click on the Edit button instead of the View button. You will see that your four root CA certs all have the following trust settings: This certificate can identify web sites. This certificate can identify mail users. This certificate can identify software makers. I will find out how Mozilla's Certificate Manager determines "This certificate has been verified for the following uses" list and get back to you. By the way I was also confused by the same UI today and filed a bug (bug 289988).
This is really a UI bug. The certs are correctly trusted, but the UI doesn't show it well enough. Wan-Teh's bug 289988 captures that issue, so I will mark this bug a duplicate of that. *** This bug has been marked as a duplicate of 289988 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Product: mozilla.org → NSS
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.