Closed Bug 378162 Opened 17 years ago Closed 17 years ago

Add DigiCert root CA certificate(s) to NSS

Categories

(NSS :: Libraries, enhancement)

Product:
NSS
Component:
Libraries
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.11.8

People

(Reporter: gerv, Assigned: KaiE)

References

Details

Attachments

(3 files)

DigiCert Assured ID Root CA
955 bytes, application/x-x509-ca-cert
Details
DigiCert Global Root CA
947 bytes, application/x-x509-ca-cert
Details
DigiCert High Assurance EV Root CA
969 bytes, application/x-x509-ca-cert
Details 
This bug requests inclusion in the NSS root certificate store of the following certificate(s), owned by DigiCert:

1) Friendly name: "DigiCert Assured ID Root CA"
   SHA1 Fingerprint: 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
   Trust flags: Websites, Email

2) Friendly name: "DigiCert Global Root CA"
   SHA1 Fingerprint: A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
   Trust flags: Websites, Email

3) Friendly name: "DigiCert High Assurance EV Root CA"
   SHA1 Fingerprint: 5F:B7:EE:06:33:E2:59:DB:AD:OC:4C:9A:E6:D3:8F:1A:61:C7:DC:25
   Trust flags: Websites, Email

The certificate(s) themselves will be attached momentarily.

This CA has been assessed in accordance with the Mozilla project guidelines, and the certificate(s) approved for inclusion in bug 364568.

The steps are as follows:

1) A representative of the CA must confirm that all the data in this bug is correct, and that the correct certificate(s) have been attached.

2) The Mozilla representative adds the certificate(s) to the store, and marks the bug RESOLVED FIXED.

3) Within two weeks, a representative of the CA must download a copy of the development version of Firefox and confirm (by adding a comment here) that the certificates have been correctly imported. If this does not happen, the certificates will be removed again.

4) The bug is VERIFIED.

Gerv

    
    

    
  


  

    
    

    
  
(In reply to comment #0)
> This bug requests inclusion in the NSS root certificate store of the following
> certificate(s), owned by DigiCert:
> 
> 1) Friendly name: "DigiCert Assured ID Root CA"
>    SHA1 Fingerprint:
> 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
>    Trust flags: Websites, Email

Confirmed Match

> 2) Friendly name: "DigiCert Global Root CA"
>    SHA1 Fingerprint:
> A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
>    Trust flags: Websites, Email

Confirmed Match

> 3) Friendly name: "DigiCert High Assurance EV Root CA"
>    SHA1 Fingerprint:
> 5F:B7:EE:06:33:E2:59:DB:AD:OC:4C:9A:E6:D3:8F:1A:61:C7:DC:25
>    Trust flags: Websites, Email

Confirmed Match

> The certificate(s) themselves will be attached momentarily.
> 
> This CA has been assessed in accordance with the Mozilla project guidelines,
> and the certificate(s) approved for inclusion in bug 364568.
> 
> The steps are as follows:
> 
> 1) A representative of the CA must confirm that all the data in this bug is
> correct, and that the correct certificate(s) have been attached.

Confirmed - all data in this bug is correct. We have downloaded the 3 attached certificates as posted, and verified that they match. We also ran an md5 checksum on each which matched our root certificates.

> 2) The Mozilla representative adds the certificate(s) to the store, and marks
> the bug RESOLVED FIXED.
> 
> 3) Within two weeks, a representative of the CA must download a copy of the
> development version of Firefox and confirm (by adding a comment here) that the
> certificates have been correctly imported. If this does not happen, the
> certificates will be removed again.

We will confirm in two weeks time.

> 4) The bug is VERIFIED.

Thanks, Ken


    
  
Blocks: 378489

    
  
No longer blocks: 378489
Depends on: 378489

    
    

    
  
I apologise for the delay. Please see bug 378489 for details on how to review the updated nssckbi.dll.

Gerv

    
    

    
  
I personally checked the roots, as did one of my engineers.  Everything checks out fine.  The sha1 and md5 fingerprints match exactly with our roots.  The names appear as we expected them, and our test sites worked perfectly when we browsed to them.

Thanks again,
Ken Bretschneider
DigiCert

    
    

    
  
Resolving FIXED. Note that this means the roots will be in NSS 3.11.8; exactly how they get into Firefox is still being worked out. We _hope_ we can find a way to get them into 2.0.0.5. No promises, though :-)

Gerv
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED

    
  
Target Milestone: --- → 3.11.8

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: