The default bug view has changed. See this FAQ.

Add FNMT Root CA cert for SSL (Spain)

RESOLVED DUPLICATE of bug 435736

Status

mozilla.org
CA Certificates
--
enhancement
RESOLVED DUPLICATE of bug 435736
9 years ago
9 years ago

People

(Reporter: Fernando García Gómez, stripTM, Assigned: Frank Hecker)

Tracking

Details

(URL)

Attachments

(2 attachments)

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9b2pre) Gecko/2007121105 Minefield/3.0b2pre
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9b2pre) Gecko/2007121105 Minefield/3.0b2pre

In Spain, the official SSL Certificates certifying entity is FNMT (Fabrica nacional de moneda y timbre / Coin and Stamps National manufacture). But when trying to access a web page with a certificate issued by that entity, a warning is displayed by the web browser. This will be increased in Firefox 3 as instead of displaying a warning it will show a web page with the error but nothing of the web page is displayed.

I don't know whether the problem is that Mozilla does not recognize the FNMT as an SSL Certificates certifying entity or there is another problem. Anyway, no error is displayed with Internet Explorer, but surely this is not significant ;-)

Reproducible: Always

Steps to Reproduce:
1. Enter https://www.nic.es/
2. Show (Código de error: sec_error_untrusted_issuer)
Actual Results:  
https://www.nic.es/ dont show

Expected Results:  
Mozilla reconize the FNMT SSL Certificates
Assignee: nobody → hecker
Component: Page Info → CA Certificates
Product: Firefox → mozilla.org
QA Contact: page.info → ca-certificates
Version: unspecified → other
IINM, Mozilla policy is to accept requests to include CA certs ONLY from 
representatives of the CA itself, and not from third parties (e.g. users).
Perhaps you can ask someone at that CA to apply for inclusion in Mozilla.
Nelson is correct. Resolving as INCOMPLETE. You may use this bug as evidence of our policy in your email to FNMT.

Gerv
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INCOMPLETE

Comment 3

9 years ago
Hola.
Pertenezco a la CA FNMT. Estoy intentando realizar los pasos para poder incluir el certificado raíz de la FNMT en el almacén de autoridades de Firefox. ¿Qué debo hacer?
Gracias
Reopening, Cristina is from FNMT and is asking what the steps are to include their certificate in Firefox.

(cristina, toda la comunicación en Bugzilla se hace en inglés)
Status: RESOLVED → UNCONFIRMED
Resolution: INCOMPLETE → ---

Updated

9 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Severity: normal → enhancement
Summary: Mozilla does not recognize the FNMT as an SSL Certificates certifying entity → Add Spanish FNMT Root CA cert for SSL
Christina,
I've written the first draft of a wiki page on  
"How to apply for root CA certificate inclusion in Mozilla products".  
I think it will help you advance your request to the next stage.
See it at http://wiki.mozilla.org/CA:Root_Certificate_Requests 
I invite your feedback by email.
I must give credit to Gervase Markham for writing the original guide,
which I adapted into the wiki page.  Thanks, Gerv.
Cristina, si necesitas ayuda para proporcionar la información necesaria para poder incluir el certificado, por favor, ponte en contacto conmigo e intentaré ayudarte. Esta mañana estaba usando Firefox 3 Beta 5 y me enconté con este problema. Yo tengo los conocimientos necessarios para resolverlo, pero la mayoría de la gente no, y el certificado de la FNMT CA es importante en España.


Cristina, if you need help with providing the needed info to get the certificate included, please, you can contact me and I will help you. I was just using Firefox 3 Beta 5 this morning and I just faced this problem. I am technically skilled to solve it, but a lot of people is not, and FNMT CA is important in Spain.
Created attachment 314067 [details]
cert details

Here are the certificate details sent to me by cristina
Gervase, any news about this?

Most official sites in Spain use certificates from FNMT and would be a pity that users think that "that warning page" means they have to use IE to access to the site.
Nukeador: Frank Hecker (the assignee of this bug) is currently running the root program. He's the man to speak to.

Gerv

Comment 11

9 years ago
Hecker: What is the current status of this request?
Frank this is a hight priority bug for all the Spanish users, I'm checking it and most of public services are using now these certificates.
I vote for this bug.

A lot of official Spanish websites uses this CA, so I think that this CA must be supported in Firefox 3.
You have to understand that FNMT is the issuer designed by Goverment as CA. Thought there are other recognised CAs, it is the main one, used in every official website. Also, to get the extent of this, every new National ID card (which is mandatory for every citizen) is an smartcard with a cert issued by FNMT CA, which can be legally used to digitally sign any document, and it, by Spanish Digital Signature Law, as to be recognized as such not only by Goverment, but by every citizen.
Please, it is an important certificate, that has to be included to promote Firefox use within Spanish users. Not having it will mean that a lot of official webpages 'won't work' with FF from users point of view. And they will use IE instead.

Thanks
Created attachment 321673 [details]
Cert details in HTML format

Jose, Guillermo, Ramon, and Nukeador,

This bug is the place where Mozilla and the representatives of FNMT should
communicate with each other, communicating the essential fact necessary for
Mozilla to make the technical evaluation of the CA's application.  

It is NOT the place for advocacy.  It's not the place for people to try to 
present persuasive and compelling arguments for acceptance of the applicant.
The places for such advocacy are the newsgroup 
news://news.mozilla.org:119/mozilla.dev.tech.crypto and the associated 
mailing list, dev-tech-crypto@lists.mozilla.org .
Note that the mailing list only accepts emails from list subscribers.  
Subscribe at https://lists.mozilla.org/listinfo/dev-tech-crypto
Summary: Add Spanish FNMT Root CA cert for SSL → Add FNMT Root CA cert for SSL (Spain)
To follow the discussion in the Usenet group via web:

http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/da33d24030fe5e6f#
(In reply to comment #15)
> Created an attachment (id=321673) [details]
> Cert details in HTML format
> 
> Jose, Guillermo, Ramon, and Nukeador,
> 
> This bug is the place where Mozilla and the representatives of FNMT should
> communicate with each other, communicating the essential fact necessary for
> Mozilla to make the technical evaluation of the CA's application.


I fully agree with your remark about this place not being for advocacy (and therefore I'm sticking to BugZilla nettiquete).

However, looking at the comment history I'd say that Mozilla is the one with the ball in his court. I'm pretty sure these days are not boring for anyone at Mozilla Corp., esp. those directly involved in Firefox 3 release, :-) but it would be a pity to fail to resolve this bug just because FNMT representatives and Mozilla staff were waiting each other to take the next step.

So, just to clarify (and I'm not inquiring you, Nelson, as I think you're just trying to help to move forward this bug, and I thank you for that), is Mozilla staff waiting for FNMT people to do something else?

TIA
Cristina has open a new bug (bug #435736) with all the information.

Please, close this bug.

Comment 19

9 years ago
I didn´t open this bug. I can´t close it.
(Reporter)

Updated

9 years ago
Depends on: 435736
Closing as a duplicate of bug 435736
Status: NEW → RESOLVED
Last Resolved: 9 years ago9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 435736
You need to log in before you can comment on or make changes to this bug.