Closed Bug 340183 Opened 15 years ago Closed 15 years ago

Add the Netlock Class QA root certificate

Categories

(NSS :: Libraries, enhancement, P2)

3.11
enhancement

Tracking

(Not tracked)

RESOLVED FIXED
3.11.2

People

(Reporter: wtc, Assigned: KaiE)

References

Details

(Keywords: fixed1.8.1)

Attachments

(1 file)

We can add the new Netlock Class QA root certificate to NSS
now because it no longer has the critical certificate
extension that NSS doesn't support (bug 277797).

As stated in bug 279728 comment 3, this root certificate
(the first one of the four roots in that comment)
- does NOT issue SSL server certificates,
- issues email certificates,
- issues code signing certificates,
corresponding to the "no", "yes", "yes" answers to the
three questions in that comment.
Attached patch Proposed patchSplinter Review
This patch was generated with the command:

  addbuiltin -n "NetLock Qualified (Class QA) Root" -t c,C,C < netlock.der

The DER certificate file is in bug 313942 comment 8.
Attachment #224263 - Flags: review?(rrelyea)
What's the difference between this bug and bug 313942 ?

Perhaps the question I asked in bug 313942 should have been asked here.

When this patch is applied, and this new cert is displayed in 
PSM's cert manager, does it have the same problem as the cert named
"UTN-USERFirst-Client Authentication and Email" ?  That is, does PSM say 
"Could not verify this certificate because the issuer is not trusted." ?
Nelson, this bug is an NSS bug.  I can't request reviews on
the patch attached to bug 313942.
OK, then I don't understand why the patch was attached there.
But that doesn't matter.  Please do let me know about the PSM question.
Re: Nelson's question in comment 2

When this certificate is displayed in PSM's Certificate Viewer,
it has the same problem as the certificate named
"UTN-USERFirst-Client Authentication and Email".  The Certificate
Viewer says "Could not verify this certificate for unknown reasons."
Assignee: nobody → kengert
Priority: -- → P2
Target Milestone: --- → 3.11.2
Comment on attachment 224263 [details] [diff] [review]
Proposed patch

trust flags and nickname look good
Attachment #224263 - Flags: review?(rrelyea) → review+
checked in

trunk:
Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.38; previous revision: 1.37
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.39; previous revision: 1.38
done

3.11 branch:
Checking in certdata.c;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v  <--  certdata.c
new revision: 1.36.24.2; previous revision: 1.36.24.1
done
Checking in certdata.txt;
/cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v  <--  certdata.txt
new revision: 1.37.24.2; previous revision: 1.37.24.1
done
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Blocks: 340724
Keywords: fixed1.8.1
You need to log in before you can comment on or make changes to this bug.